office2010_rus_version.exe

ВERSHNET LLC

The application office2010_rus_version.exe by ВERSHNET has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. The file has been seen being downloaded from office-skachat.ru.
Publisher:
ВERSHNET LLC  (signed and verified)

Version:
1.0.0.0

MD5:
27f3f87e041e5c3e387a104be2a0fd9a

SHA-1:
7edd65e84d6bdf470a4200e0500bdeda61b486b9

SHA-256:
cfe8185bc10aa8ba756dd00bd993d922a2e65bdd8f278f3479fa8c0ffc0b02b8

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/24/2024 5:14:50 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.OutBrowse (M)
17.3.4.16

File size:
3.6 MB (3,800,632 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\office2010_rus_version.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/5/2015 6:00:00 AM

Valid to:
2/6/2016 5:59:59 AM

Subject:
CN=ВERSHNET LLC, O=ВERSHNET LLC, STREET="600-Richchya, house 66, office 10", L=Vinnitsa, S=Vinnitskiy Region, PostalCode=21027, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0DCBDEF5E756334284571793EA14D465

File PE Metadata
Compilation timestamp:
6/20/1992 4:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA82940

Entry point:
60, BE, 00, 60, B6, 00, 8D, BE, 00, B0, 89, FF, C7, 87, CC, 80, 78, 00, 47, A9, 08, 00, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
 
[+]

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
3.1 MB (3,264,512 bytes)

The file office2010_rus_version.exe has been seen being distributed by the following URL.

http://office-skachat.ru/file.php?url=https://yadi.sk/.../31ruB0cyfqtjn&sid=6267

Remove office2010_rus_version.exe - Powered by Reason Core Security