setup.x86.en-us_proplusretail_fgn9f-739c4-9wxq3-3gd4d-ybjdp_tx_pr_.exe

Microsoft Office 2016

Microsoft Corporation

Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft Office 2016

Description:
Microsoft Office

Version:
16.0.6729.1019

MD5:
e81c6cb3767cddec22f7ce2ea1ac928b

SHA-1:
8c15f2e15512bcb0c57a2a3e6c3f3d77935ce8ca

SHA-256:
c4c125cd6d607cdd13fb8774d39f5fcce19669dda0ef70c237bd71ec8610ebe1

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
11/15/2024 11:31:37 AM UTC

File size:
3.1 MB (3,300,032 bytes)

Product version:
16.0.6729.1019

Original file name:
Bootstrapper.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Authority:
Microsoft Corporation

Valid from:
6/4/2015 10:42:45 AM

Valid to:
9/4/2016 10:42:45 AM

Subject:
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
330000010A2C79AED7797BA6AC00010000010A

File PE Metadata
Compilation timestamp:
4/23/2016 4:52:17 AM

OS version:
5.2

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
49152:zUfko+gbOkfcoEabypHkb/ljsZ7qgCWoSD7ymItKkT9b3MyjwYWlkssvNE8TVo2:RoJh0oErpHkBodCWoey9/wY2sbF

Entry address:
0x1134A9

Entry point:
E8, 98, 12, 00, 00, E9, 80, FE, FF, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, 48, 3C, 03, C8, 0F, B7, 41, 14, 8D, 51, 18, 03, D0, 0F, B7, 41, 06, 6B, F0, 28, 03, F2, 3B, D6, 74, 19, 8B, 4D, 0C, 3B, 4A, 0C, 72, 0A, 8B, 42, 08, 03, 42, 0C, 3B, C8, 72, 0C, 83, C2, 28, 3B, D6, 75, EA, 33, C0, 5E, 5D, C3, 8B, C2, EB, F9, E8, 1E, 17, 00, 00, 85, C0, 75, 03, 32, C0, C3, 64, A1, 18, 00, 00, 00, 56, BE, 58, 29, 67, 00, 8B, 50, 04, EB, 04, 3B, D0, 74, 10, 33, C0, 8B, CA, F0, 0F, B1, 0E, 85, C0, 75, F0, 32, C0, 5E, C3, B0...
 

Entropy:
6.5642

Code size:
1.5 MB (1,623,040 bytes)

The file setup.x86.en-us_proplusretail_fgn9f-739c4-9wxq3-3gd4d-ybjdp_tx_pr_.exe has been seen being distributed by the following 28 URLs.
