setup.x86.ar-sa_o365homepremretail_0f1288da-00ad-4bc0-a145-b8fa2ccd1496_tx_db_.exe

Microsoft Office 2016

Microsoft Corporation

Publisher:
Microsoft Corporation (signed and verified)

Product:
Microsoft Office 2016

Description:
Microsoft Office

Version:
16.0.6925.1018

MD5:
1fc8b57b91b067a21048370cfd9802f9

SHA-1:
725c393cf32bb3c69a18d4847081c9e52c4f0c4e

SHA-256:
26aa0c67b1325e87ba8138399a3d5af9230564899d2fa27b414552a54bb848ca

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:
11/30/2024 7:59:38 AM UTC

File size:
3.3 MB (3,480,264 bytes)

Product version:
16.0.6925.1018

Original file name:
Bootstrapper.exe

File type:
Executable application (Win32 EXE)

Language:
Arabic (Saudi Arabia)

Common path:
C:\users\{user}\downloads\programs\setup.x86.ar-sa_o365homepremretail_0f1288da-00ad-4bc0-a145-b8fa2ccd1496_tx_db_.exe

Digital Signature
Authority:
Microsoft Corporation

Valid from:
6/4/2015 7:42:45 PM

Valid to:
9/4/2016 7:42:45 PM

Subject:
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
330000010A2C79AED7797BA6AC00010000010A

File PE Metadata
Compilation timestamp:
6/9/2016 12:36:47 PM

OS version:
5.2

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
49152:HQsLB924DU5jAXELZa/zqk+0SoXM1jYd4qLGPlxLGh6MBC6fmlN1UMMVvKYJNj7y:H7U5jdCqTQfmlSKYJdXHvs6CGwY2sf

Entry address:
0x144E68

Entry point:
E8, DA, 0D, 00, 00, E9, 80, FE, FF, FF, 3B, 0D, 98, 72, 67, 00, F2, 0F, 85, 27, 04, 00, 00, F2, C3, 55, 8B, EC, 8B, 45, 08, 56, 8B, 48, 3C, 03, C8, 0F, B7, 41, 14, 8D, 51, 18, 03, D0, 0F, B7, 41, 06, 6B, F0, 28, 03, F2, 3B, D6, 74, 19, 8B, 4D, 0C, 3B, 4A, 0C, 72, 0A, 8B, 42, 08, 03, 42, 0C, 3B, C8, 72, 0C, 83, C2, 28, 3B, D6, 75, EA, 33, C0, 5E, 5D, C3, 8B, C2, EB, F9, E8, AA, 12, 00, 00, 85, C0, 75, 03, 32, C0, C3, 64, A1, 18, 00, 00, 00, 56, BE, 80, 29, 68, 00, 8B, 50, 04, EB, 04, 3B, D0, 74, 10, 33, C0...
 

Entropy:
6.5900

Code size:
1.6 MB (1,715,200 bytes)

The file setup.x86.ar-sa_o365homepremretail_0f1288da-00ad-4bc0-a145-b8fa2ccd1496_tx_db_.exe has been seen being distributed by the following 25 URLs.
