home

setup.x86.es-es_o365homepremretail_06d976f1-1169-4d57-b55c-46ee3c0269c4_tx_db_.exe

Microsoft Office 15

Microsoft Corporation

This is a setup program which is used to install the application. The file has been seen being downloaded from download700.mediafire.com and multiple other hosts.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft Office 15

Description:
Microsoft Office Click-to-Run

Version:
15.0.4128.1025

MD5:
7d6c3ad27e00b841579ef67c68fdec9f

SHA-1:
3cd5b6f1b123e59ecc9cbc2483d7dd7146782599

SHA-256:
265b313e5a98166b8f08fcd0a0e34ec6fbc6d9a3a8476d7cf5a21234fe80ac8b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
12/26/2024 3:23:56 AM UTC  (today)

File size:
488.1 KB (499,840 bytes)

Product version:
15.0.4128.1025

Original file name:
Bootstrapper.exe

File type:
Executable application (Win32 EXE)

Language:
Spanish

Common path:
C:\users\{user}\downloads\setup.x86.es-es_o365homepremretail_06d976f1-1169-4d57-b55c-46ee3c0269c4_tx_db_.exe

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
7/26/2012 10:50:41 PM

Valid to:
10/26/2013 10:50:41 PM

Subject:
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
3300000088590E3C511FE26A67000100000088

File PE Metadata
Compilation timestamp:
9/11/2012 7:14:49 AM

OS version:
5.2

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.10

CTPH (ssdeep):
6144:gK51qXRXrhWz+GVmJJHNZpeojLeGyTz4fJZ0iHfql5mGqvUTsARLOPKUKsYrZ:gK5qRXrhWz+xNZpeoGT4fHHfqJU2LVZl

Entry address:
0x449D0

Entry point:
E8, F6, 4A, 00, 00, E9, 81, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 94, 17, 00, 00, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, 35, D0, 11, 40, 00, 57, FF, 35, 48, 63, 46, 00, FF, D6, FF, 35, 44, 63, 46, 00, 8B, D8, 89, 5D, FC, FF, D6, 8B, F0, 3B, F3, 0F, 82, 81, 00, 00, 00, 8B, FE, 2B, FB, 8D, 47, 04, 83, F8, 04, 72, 75, 53, E8, 20, 4C, 00, 00, 8B, D8, 8D, 47, 04, 59, 3B, D8, 73, 48, B8, 00, 08, 00, 00, 3B, D8, 73, 02, 8B, C3, 03, C3, 3B, C3, 72, 0F, 50, FF, 75, FC, E8, AE, 4B, 00, 00, 59, 59, 85, C0, 75, 16, 8D...
 
[+]

Code size:
380.5 KB (389,632 bytes)

The file setup.x86.es-es_o365homepremretail_06d976f1-1169-4d57-b55c-46ee3c0269c4_tx_db_.exe has been seen being distributed by the following 9 URLs.

http://download700.mediafire.com/ojewa2eoe8mg/.../Setup.X86.es-es_O365HomePremRetail_29ccba2c-bc67-4620-aac1-ab44cb7a4bdf_TX_PR_.exe

http://download886.mediafire.com/ijdil681rv3g/.../Setup.X86.es-es_O365HomePremRetail_29ccba2c-bc67-4620-aac1-ab44cb7a4bdf_TX_PR_.exe

https://c2rsetup.officeapps.live.com/.../download.aspx?productReleaseID=O365HomePremRetail&platform=X86&language=es-es&TaxRegion=pr&correlationId=e39907d8-97e9-400d-ade9-a59303a0c387&token=b9598201-df0b-4217-9dfd-0df1c0cc9216&version=O15Beta2&source=O15OLSOMEX

https://c2rsetup.officeapps.live.com/.../download.aspx?productReleaseID=O365HomePremRetail&platform=X86&language=es-es&TaxRegion=db&correlationId=9d18a3a4-c101-493e-a9df-df6e43aa9a8a&token=435ce180-6d25-4854-bb5a-c81128671837&version=O15Beta2&source=O15OLSOMEX

http://download2185.mediafire.com/ml6a0xefl9qg/.../Setup.X86.es-es_O365HomePremRetail_29ccba2c-bc67-4620-aac1-ab44cb7a4bdf_TX_PR_.exe

http://download700.mediafire.com/mphdta9kxsvg/.../Setup.X86.es-es_O365HomePremRetail_21b575be-b309-4ac2-b471-aeb9868f92ce_TX_DB_.exe

https://c2rsetup.officeapps.live.com/.../download.aspx?productReleaseID=O365HomePremRetail&platform=X86&language=es-es&TaxRegion=pr&correlationId=69e00420-4e19-4033-823b-8d1427d6d904&token=afe9cb91-5146-484b-ab10-b485e7841093&version=O15Beta2&source=O15OLSOMEX

https://c2rsetup.officeapps.live.com/.../download.aspx?productReleaseID=O365HomePremRetail&platform=X86&language=es-es&TaxRegion=db&correlationId=0ce1c57d-1de9-4eab-9831-14a26de238fb&token=03438438-241a-4450-a25a-bec204d46b18&version=O15Beta2&source=O15OLSOMEX

https://c2rsetup.officeapps.live.com/.../download.aspx?productReleaseID=O365HomePremRetail&platform=X86&language=es-es&TaxRegion=pr&correlationId=1361dd5e-9530-478b-9dc1-170f67df67de&token=12c5d69b-3325-4b79-95d4-91d33781796f&version=O15Beta2&source=O15OLSOMEX

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.