setup.x64.nl-nl_o365proplusretail_b0972958-0801-4086-add7-6effbf42743b_tx_pr_.exe

Microsoft Office

Microsoft Corporation

This is a setup program which is used to install the application. The file has been seen being downloaded from c2rsetup.officeapps.live.com and multiple other hosts.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft Office

Description:
Microsoft Office Klik-en-Klaar

Version:
15.0.4797.1000

MD5:
b0d1683d3c6ee0e774f504de79832f24

SHA-1:
08f905893162ada5f82ab063d3aed9fc38bad33d

SHA-256:
8b518e9fad6479513dff9edc852aef174486770198539f89b074616c49e3e32b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
11/27/2024 1:37:32 AM UTC  (today)

File size:
1.5 MB (1,537,776 bytes)

Product version:
15.0.4797.1000

Original file name:
Bootstrapper.exe

File type:
Executable application (Win64 EXE)

Language:
Ducth (Netherlands)

Common path:
C:\users\{user}\Music\setup.x64.nl-nl_o365proplusretail_b0972958-0801-4086-add7-6effbf42743b_tx_pr_.exe

Digital Signature
Authority:
Microsoft Corporation

Valid from:
6/4/2015 7:42:45 PM

Valid to:
9/4/2016 7:42:45 PM

Subject:
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
330000010A2C79AED7797BA6AC00010000010A

File PE Metadata
Compilation timestamp:
1/12/2016 2:52:23 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
10.10

CTPH (ssdeep):
24576:/bFNnR6JsH7/HbDYF3ZkgUe6vZdn3UKuv5:voJu/H3YF3Zk66Ln9uh

Entry address:
0x41490

Entry point:
48, 83, EC, 28, E8, 23, 3C, 00, 00, 48, 83, C4, 28, E9, 52, FE, FF, FF, 0F, 1F, 80, 00, 00, 00, 00, 0F, 1F, 80, 00, 00, 00, 00, E9, C3, 10, 00, 00, 90, 90, 90, 53, 48, 83, EC, 20, BA, 08, 00, 00, 00, 8D, 4A, 18, E8, 26, 3D, 00, 00, 48, 8B, C8, 48, 8B, D8, FF, 15, 9A, 6E, 09, 00, 48, 89, 05, 53, 9C, 10, 00, 48, 89, 05, 44, 9C, 10, 00, 48, 85, DB, 75, 05, 8D, 43, 18, EB, 06, 48, 83, 23, 00, 33, C0, 48, 83, C4, 20, 5B, C3, 90, 90, 48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 48, 89, 7C, 24, 18, 41, 54, 41, 55, 41...
 
[+]

Code size:
860.5 KB (881,152 bytes)

The file setup.x64.nl-nl_o365proplusretail_b0972958-0801-4086-add7-6effbf42743b_tx_pr_.exe has been seen being distributed by the following 2 URLs.

https://c2rsetup.officeapps.live.com/.../download.aspx?productReleaseID=O365ProPlusRetail&platform=X64&language=nl-nl&TaxRegion=pr&correlationId=95107d1f-0f04-495a-b606-e439290fccbe&token=322fd11e-322a-464c-ad28-6de4b274ea9b&version=O15GA&source=O15OLSO365