msword2007menueval.exe

MS Word 2007 Ribbon to Old MS Word Classic Menu Toolbar Inte

The executable msword2007menueval.exe, “MS Word 2007 Ribbon to Old MS Word Classic Menu Toolbar Inte”, has been detected as malware by 8 anti-virus scanners. It is a setup program used to install the application. The file is infected by an entry-point-obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from www.hothotsoftware.com.

Publisher:
MS Word 2007 Ribbon to Old MS Word Classic Menu Toolbar Inte

Description:
MS Word 2007 Ribbon to Old MS Word Classic Menu Toolbar Inte

MD5:
84c9486b46a331a110519fc0174ec833

SHA-1:
4194d1e69a9969a79e79c3c1f674c7f391c4d51d

SHA-256:
3bc7f3e62e02bcdd2b146201903a0aa742f309799d31634be75dea95c5040ac7

Scanner detections:
8 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
12/27/2024 7:29:06 PM UTC

Scan engine                     Detection                Engine version
avast!                          Win32:SaliCode           160708-3
AVG                             Win32/Sality             2015.0.4604
Emsisoft Anti-Malware           Win32.Sality             11.5.0.6191
ESET NOD32                      Win32/Sality.NBA virus   8.0.319.0
F-Prot                          W32/Sality.gen2          4.6.5.141
Kaspersky                       Virus.Win32.Sality       15.0.0.562
Microsoft Security Essentials   Threat.Undefined         1.225.1028.0
Norman                          Win32.Sality.3           22.05.2016 07:18:28

File size:
2 MB (2,137,667 bytes)

Copyright:
Copyright (C) 2000-2008, http://www.hothotsoftware.com/, All Rights Reserved

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\msword2007menueval.exe

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:e6ZbA+V8dViCKw79hdVwMSZnNqee4Dac8Si/hvRVbv4e:FZ98SRwTdVTSZnmY0hvRVb1

Entry address:
0x97F0

Entry point:
BE, 1C, 63, 84, 99, F6, C3, B3, 81, E7, 1E, 1C, 95, CF, 89, D0, 85, EF, 15, 56, 52, 20, 0E, 87, FD, 85, CA, 85, CA, 0F, BF, FF, 83, E7, 00, 84, DF, B8, 93, B0, 8D, 87, F3, 0F, AF, E9, 85, CA, 73, 07, 80, F8, 5A, 28, F4, 8B, C5, B9, 48, 6F, 00, 00, 4A, 81, F1, 4D, 65, 00, 00, F7, C6, FD, 2E, D6, B4, 81, E9, 04, 0A, 00, 00, 43, 03, F9, 0F, B6, EF, C7, C5, 2D, F9, A1, 53, C6, C3, 44, 10, C7, 19, DA, C6, C6, 35, 8D, 1D, 8E, BA, DC, BC, 8B, D2, 69, C6, 62, F2, 8F, A5, 81, FF, AE, 04, 00, 00, 0F, 82, A2, FF, FF...

Entropy:
7.9949  (probably packed)

Code size:
36 KB (36,864 bytes)

The file msword2007menueval.exe has been seen being distributed by the following URL.
