home

quick text logo reveal template.exe

2007 Microsoft Office system

OOO

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The application quick text logo reveal template.exe, “Microsoft Office Multi-Msi ActiveDirectory Deployment Tool.” by OOO has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from rufile.net.
Publisher:
Microsoft Corporation  (signed by OOO )

Product:
2007 Microsoft Office system

Description:
Microsoft Office Multi-Msi ActiveDirectory Deployment Tool.

Version:
12.0.6500.5000

MD5:
d95dca90d02d653a6fe3a6aea35f85a9

SHA-1:
8d4d5c7f3863a53c01fc86786953246b2bed202f

SHA-256:
6fc2105a725735e427915624b98c17d4a529842bd220755531bc84867156e0cd

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/6/2024 2:05:11 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.7.27.3

File size:
826 KB (845,864 bytes)

Product version:
12.0.6500.5000

Copyright:
© 2006 Microsoft Corporation. All rights reserved.

Original file name:
odeploy.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\quick text logo reveal template.exe

Digital Signature
Signed by:
OOO

Authority:
COMODO CA Limited

Valid from:
6/22/2016 1:00:00 AM

Valid to:
6/23/2017 12:59:59 AM

Subject:
CN="OOO ""BAYKAL FORT AYTI""", O="OOO ""BAYKAL FORT AYTI""", STREET="Dzergynskogo, 25, of.511", L=Irkutsk, S=Irkutskaya, PostalCode=664011, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3893027C66B26D657A5F538754DBCC25

File PE Metadata
Compilation timestamp:
7/9/2016 8:43:06 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:56J99N9GgrK57EdKn5dVIwzdjYQ7Vf8S1:0J99Nwb9IqYGVf8S1

Entry address:
0x1290

Entry point:
55, 8B, EC, B8, 50, 8B, 00, 00, E8, B3, FF, FF, FF, 53, 56, 57, C6, 45, F4, 3E, 68, 84, 00, 44, 00, FF, 15, F4, 30, 43, 00, C7, 85, 54, 77, FF, FF, 03, 00, 00, 00, 68, 8C, 00, 44, 00, FF, 15, F4, 30, 43, 00, 8B, 85, 54, 77, FF, FF, 83, C0, 0C, 89, 85, 54, 77, FF, FF, 81, BD, 54, 77, FF, FF, 11, 3B, 00, 00, 76, 02, EB, 09, B9, 29, 00, 00, 00, 85, C9, 75, CF, 68, F2, 12, 40, 00, C3, 33, F2, 8D, 12, EB, 06, 81, EF, D9, 8B, DF, 12, 87, C9, C6, 85, 1C, 77, FF, FF, C1, C1, E9, 00, 68, 10, 13, 40, 00, C3, 33, EB...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
197 KB (201,728 bytes)

The file quick text logo reveal template.exe has been seen being distributed by the following URL.

http://rufile.net/file/.../116492

Remove quick text logo reveal template.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.