» officesetup.exe
Overview
Analysis
File Details
Downloads (9)

officesetup.exe

Microsoft Office 15

Microsoft Corporation

File name:

officesetup.exe

Publisher:

Microsoft Corporation (signed and verified)

Product:

Microsoft Office 15

Description:

Microsoft Office Click-to-Run

Version:

15.0.4551.1507

MD5:

0e095ff6e9326882a27c6a058db501a4

SHA-1:

519e8c22cec6509b578188c8a399039989dee096

SHA-256:

9dd51d916effbbc383a14782c1ea04199c6bf4876f4255e9225912f9e225ebb5

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

11/27/2024 1:52:32 AM UTC (today)

File size:

781.7 KB (800,440 bytes)

Product version:

15.0.4551.1507

Original file name:

Bootstrapper.exe

File type:

Executable application (Win64 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\officesetup.exe

Digital Signature

Signed by:

Microsoft Corporation

Authority:

Microsoft Corporation

Valid from:

1/25/2013 6:33:39 AM

Valid to:

4/25/2014 6:33:39 AM

Subject:

CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:

CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:

33000000B011AF0A8BD03B9FDD0001000000B0

File PE Metadata

Compilation timestamp:

10/30/2013 2:51:52 AM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

10.10

CTPH (ssdeep):

12288:gkBeGrzZqblGlLJ1ifGwZ4MWHkdxXciOlNT:gkBexlGhJ1ifGwCkdElNT

Entry address:

0x44070

Entry point:

48, 83, EC, 28, E8, A3, 54, 00, 00, 48, 83, C4, 28, E9, 52, FE, FF, FF, 0F, 1F, 80, 00, 00, 00, 00, 0F, 1F, 80, 00, 00, 00, 00, E9, 8B, 1A, 00, 00, 90, 90, 90, 53, 48, 83, EC, 20, BA, 08, 00, 00, 00, 8D, 4A, 18, E8, A6, 55, 00, 00, 48, 8B, C8, 48, 8B, D8, FF, 15, AA, 32, 02, 00, 48, 89, 05, 13, 15, 06, 00, 48, 89, 05, 04, 15, 06, 00, 48, 85, DB, 75, 05, 8D, 43, 18, EB, 06, 48, 83, 23, 00, 33, C0, 48, 83, C4, 20, 5B, C3, 90, 90, 48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 48, 89, 7C, 24, 18, 41, 54, 41, 55, 41... 
[+]

Entropy:

5.6326

Code size:

407 KB (416,768 bytes)

The file officesetup.exe has been seen being distributed by the following 9 URLs.

https://c2rsetup.officeapps.live.com/.../download.aspx?productReleaseID=O365HomePremRetail&platform=X64&language=en-US&TaxRegion=pr&correlationId=4cbcb19c-6290-4197-bcfd-bee56794ae36&token=e509bf4a-54f9-482c-a311-0c062bcb0c57&version=O15GA&source=O15OLSOMEX

http://softwareapp-pro.s3.amazonaws.com/uploads/program_file/file_url/150/.../Setup.X64.en-US_O365HomePremRetail_24c9be9c-10df-4954-9b66-1aecd4b94986_TX_DB_.exe

https://c2rsetup.officeapps.live.com/.../download.aspx?productReleaseID=O365HomePremRetail&platform=X64&language=en-US&TaxRegion=db&correlationId=e647205e-1ca6-4381-9f68-27fab25c3fbf&token=83ff777f-8df1-416c-a80b-4cdab0213785&version=O15GA&source=O15OLSOMEX

http://softwareapp-pro.s3.amazonaws.com/uploads/program_file/file_url/158/.../Setup.X64.en-US_O365HomePremRetail_24c9be9c-10df-4954-9b66-1aecd4b94986_TX_DB_.exe

http://softwareapp-pro.s3.amazonaws.com/uploads/program_file/file_url/160/.../Setup.X64.en-US_O365HomePremRetail_24c9be9c-10df-4954-9b66-1aecd4b94986_TX_DB_.exe

http://softwareapp-pro.s3.amazonaws.com/uploads/program_file/file_url/152/.../Setup.X64.en-US_O365HomePremRetail_24c9be9c-10df-4954-9b66-1aecd4b94986_TX_DB_.exe

http://softwareapp-pro.s3.amazonaws.com/uploads/program_file/file_url/154/.../Setup.X64.en-US_O365HomePremRetail_24c9be9c-10df-4954-9b66-1aecd4b94986_TX_DB_.exe

https://c2rsetup.officeapps.live.com/.../download.aspx?productReleaseID=O365HomePremRetail&platform=X64&language=en-US&TaxRegion=pr&correlationId=f16c5584-beb9-45b0-9b59-b17f6b51136b&token=923a03fd-3efa-4089-9620-a9302fa5d458&version=O15GA&source=O15OLSOMEX

https://c2rsetup.officeapps.live.com/.../download.aspx?productReleaseID=O365HomePremRetail&platform=X64&language=en-US&TaxRegion=pr&correlationId=13fc0236-3deb-4ca4-aee0-c6a1eaf7cef5&token=7b8e1382-69bf-4ff8-83fc-c9bfce9faf44&version=O15GA&source=O15OLSOMEX

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.