» msword2007menueval.exe
Overview
Analysis
File Details
Downloads (1)

msword2007menueval.exe

MS Word 2007 Ribbon to Old MS Word Classic Menu Toolbar Inte

The executable msword2007menueval.exe, “MS Word 2007 Ribbon to Old MS Word Classic Menu Toolbar Inte” has been detected as malware by 8 anti-virus scanners. This is a setup program which is used to install the application. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from www.hothotsoftware.com.

File name:

Publisher:

MS Word 2007 Ribbon to Old MS Word Classic Menu Toolbar Inte

Description:

MS Word 2007 Ribbon to Old MS Word Classic Menu Toolbar Inte

MD5:

84c9486b46a331a110519fc0174ec833

SHA-1:

4194d1e69a9969a79e79c3c1f674c7f391c4d51d

SHA-256:

3bc7f3e62e02bcdd2b146201903a0aa742f309799d31634be75dea95c5040ac7

Scanner detections:

8 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

11/6/2024 2:08:57 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:SaliCode

160708-3

AVG

Win32/Sality

2015.0.4604

Emsisoft Anti-Malware

Win32.Sality

11.5.0.6191

ESET NOD32

Win32/Sality.NBA virus

8.0.319.0

F-Prot

W32/Sality.gen2

4.6.5.141

Kaspersky

Virus.Win32.Sality

15.0.0.562

Microsoft Security Essentials

Threat.Undefined

1.225.1028.0

Norman

Win32.Sality.3

22.05.2016 07:18:28

File size:

2 MB (2,137,667 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\msword2007menueval.exe

File PE Metadata

Compilation timestamp:

6/20/1992 1:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:e6ZbA+V8dViCKw79hdVwMSZnNqee4Dac8Si/hvRVbv4e:FZ98SRwTdVTSZnmY0hvRVb1

Entry address:

0x97F0

Entry point:

BE, 1C, 63, 84, 99, F6, C3, B3, 81, E7, 1E, 1C, 95, CF, 89, D0, 85, EF, 15, 56, 52, 20, 0E, 87, FD, 85, CA, 85, CA, 0F, BF, FF, 83, E7, 00, 84, DF, B8, 93, B0, 8D, 87, F3, 0F, AF, E9, 85, CA, 73, 07, 80, F8, 5A, 28, F4, 8B, C5, B9, 48, 6F, 00, 00, 4A, 81, F1, 4D, 65, 00, 00, F7, C6, FD, 2E, D6, B4, 81, E9, 04, 0A, 00, 00, 43, 03, F9, 0F, B6, EF, C7, C5, 2D, F9, A1, 53, C6, C3, 44, 10, C7, 19, DA, C6, C6, 35, 8D, 1D, 8E, BA, DC, BC, 8B, D2, 69, C6, 62, F2, 8F, A5, 81, FF, AE, 04, 00, 00, 0F, 82, A2, FF, FF... 
[+]

Entropy:

7.9949 (probably packed)

Code size:

36 KB (36,864 bytes)

The file msword2007menueval.exe has been seen being distributed by the following URL.

http://www.hothotsoftware.com/.../msword2007menueval.exe

Remove msword2007menueval.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.