» setup.x86.en-us_o365proplusretail_05486b1b-6a48-424a-b7ba-575fc0580cfc_tx_pr_b_67_.exe
Overview
Analysis
File Details
Downloads (1)

setup.x86.en-us_o365proplusretail_05486b1b-6a48-424a-b7ba-575fc0580cfc_tx_pr_b_67_.exe

File name:

MD5:

8afe4fda1f7d6a2c5c9ed43fa3a4ce11

SHA-1:

4c7a3a2940933244102f2f5fb5fb7ee0a0013160

SHA-256:

382894b7e4897f1a68bd422b4545b405319a2a49530aa9e759d8a15e4e25af86

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/27/2024 1:39:08 AM UTC (today)

File size:

3.3 MB (3,479,752 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\setup.x86.en-us_o365proplusretail_05486b1b-6a48-424a-b7ba-575fc0580cfc_tx_pr_b_67_.exe

File PE Metadata

Compilation timestamp:

5/25/2016 6:52:29 AM

OS version:

5.2

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

14.0

CTPH (ssdeep):

49152:cEgnVeH/cByPdp5RcDn1JBU6Q6Ma9L4FbIcmrOiB3/2aV5d+ZyUeUSbs/PdpCCT1:cNyPdJGNh+ZyUPP+C7d+fXrDvS

Entry address:

0x14499E

Entry point:

45, 8F, 24, 81, 0F, 00, 7F, DB, 48, 8F, 88, 81, 0F, 00, AD, ED, 4C, 8F, EC, 81, 0F, 00, 1D, 27, 50, 8F, 50, 82, 0F, 00, B1, 82, 53, 8F, B4, 82, 0F, 00, 1E, BA, 56, 8F, 18, 83, 0F, 00, C1, BF, 5A, 8F, 7C, 83, 0F, 00, 62, A3, 5E, 8F, E0, 83, 0F, 00, 27, 36, 62, 8F, 44, 84, 0F, 00, B1, CE, 65, 8F, A8, 84, 0F, 00, 6F, A3, 68, 8F, 0C, 85, 0F, 00, E0, 90, 6C, 8F, 70, 85, 0F, 00, 91, 0A, 70, 8F, D4, 85, 0F, 00, 8D, DD, 73, 8F, 38, 86, 0F, 00, 39, 84, 77, 8F, 9C, 86, 0F, 00, 7C, B5, 7A, 8F, 00, 87, 0F, 00, FC, 5B... 
[+]

Entropy:

7.0507

Code size:

1.6 MB (1,713,664 bytes)

The file setup.x86.en-us_o365proplusretail_05486b1b-6a48-424a-b7ba-575fc0580cfc_tx_pr_b_67_.exe has been seen being distributed by the following URL.

https://c2rsetup.officeapps.live.com/.../download.aspx?productReleaseID=O365ProPlusRetail&platform=X86&language=en-US&TaxRegion=pr&correlationId=d8ce87bc-e5f6-4833-81e6-c346de85f04b&token=05486b1b-6a48-424a-b7ba-575fc0580cfc&version=O16GA&source=O15OLSO365&B=3&Br=4

Scan setup.x86.en-us_o365proplusretail_05486b1b-6a48-424a-b7ba-575fc0580cfc_tx_pr_b_67_.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.