» setupproplusretail.x86.en-us.exe
Overview
Analysis
File Details
Downloads (26)

setupproplusretail.x86.en-us.exe

Microsoft Office 2016

Microsoft Corporation

File name:

Publisher:

Microsoft Corporation (signed and verified)

Product:

Microsoft Office 2016

Description:

Microsoft Office

Version:

16.0.7070.1318

MD5:

97c6185a8ded66ec644afa13108dc838

SHA-1:

2f9218abf185a7ff528dc5c4026b8eeb3bc28b65

SHA-256:

8592587f50257ecaedc3e4052653526a43a14451e6ff7dc82294077ace78c33b

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

11/15/2024 11:42:29 AM UTC (today)

File size:

3.4 MB (3,518,656 bytes)

Product version:

16.0.7070.1318

Original file name:

Bootstrapper.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\setupproplusretail.x86.en-us.exe

Digital Signature

Signed by:

Microsoft Corporation

Authority:

Microsoft Corporation

Valid from:

6/4/2015 1:42:45 PM

Valid to:

9/4/2016 1:42:45 PM

Subject:

CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:

CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:

330000010A2C79AED7797BA6AC00010000010A

File PE Metadata

Compilation timestamp:

7/5/2016 1:00:20 AM

OS version:

5.2

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

14.0

CTPH (ssdeep):

49152:HTy27UJcDCupwU7mfpr8dX0oDY49nxEHhP5CvnjVhdaGeV3B85jHK2guG/6FYFS6:H1CupwU7Mpv85rG/6IFwvtFqJwY2s+Be

Entry address:

0x149B5D

Entry point:

E8, B8, 0D, 00, 00, E9, 80, FE, FF, FF, 3B, 0D, 98, 02, 68, 00, F2, 0F, 85, 22, 04, 00, 00, F2, C3, 55, 8B, EC, 8B, 45, 08, 56, 8B, 48, 3C, 03, C8, 0F, B7, 41, 14, 8D, 51, 18, 03, D0, 0F, B7, 41, 06, 6B, F0, 28, 03, F2, 3B, D6, 74, 19, 8B, 4D, 0C, 3B, 4A, 0C, 72, 0A, 8B, 42, 08, 03, 42, 0C, 3B, C8, 72, 0C, 83, C2, 28, 3B, D6, 75, EA, 33, C0, 5E, 5D, C3, 8B, C2, EB, F9, E8, 42, 12, 00, 00, 85, C0, 75, 03, 32, C0, C3, 64, A1, 18, 00, 00, 00, 56, BE, A0, BC, 68, 00, 8B, 50, 04, EB, 04, 3B, D0, 74, 10, 33, C0... 
[+]

Entropy:

6.5772

Code size:

1.7 MB (1,737,728 bytes)

The file setupproplusretail.x86.en-us.exe has been seen being distributed by the following 26 URLs.

http://www.microsofthup.com/.../unitdownloader.aspx?id=g506f64303234hc6ea2927831f4fbf97e10a0fbe2cec3d&dname=O16.download.name.32&receipt_id=866102762&culture=en-US&local_only=true

https://c2rsetup.officeapps.live.com/.../download.aspx?language=en-US&Source=O16HUP&ProductreleaseID=ProPlusRetail&platform=x86&act=1&TaxRegion=PR&version=O16GA&token=NHFQJ-KXDX3-QKC97-BRC9H-KHJ3V

http://www.microsofthup.com/.../unitdownloader.aspx?receipt_id=844376391&culture=en-US&id=g506f64303235hd38d8bda4dd4478d9dcf2da498d7e020&dname=O16.download.name.32

https://c2rsetup.officeapps.live.com/.../download.aspx?ProductreleaseID=ProPlusRetail&language=en-US&platform=x86&token=N9FJR-M2P68-J7996-Q9X86-C9XX7&TaxRegion=DB&Source=O15PKC&version=O16GA

https://www.google.com/url?hl=en&q=https://www.microsofthup.com/.../logon.aspx?cmd=ehup_activate&sid=295c1468531546f08c092e2af99fa499&re=ud&rid=866061091&culture=en-US&id=0d9f799dcfe94d1d895a25a469e05a66&dname=O16.download.name.32&source=gmail&ust=1469471891855000&usg=AFQjCNFZzH4g05Exr7ccYETxH8IWYDpVcg

https://c2rsetup.officeapps.live.com/.../download.aspx?language=en-US&Source=O16HUP&ProductreleaseID=ProPlusRetail&platform=x86&act=1&TaxRegion=PR&version=O16GA&token=W3FNQ-6QHYD-2PVB3-BWXQK-6CQK7

https://www.google.com/url?hl=en&q=https://c2rsetup.officeapps.live.com/.../download.aspx?language=en-US&Source=O16HUP&ProductreleaseID=ProPlusRetail&platform=x86&act=1&TaxRegion=SG&version=O16GA&token=HJFKW-FNJDY-6K6DM-TR9GH-4C2QV&source=gmail&ust=1468766469487000&usg=AFQjCNF2WqwhZiQ5ZDFjSM_H9OFzc-IDWQ

http://www.microsofthup.com/.../unitdownloader.aspx?receipt_id=865227172&culture=en-US&id=g506f64303234ha2f81b1e2c5a4af3bc7443db484ddf1a&dname=O16.download.name.32

https://c2rsetup.officeapps.live.com/.../download.aspx?productReleaseID=ProPlusRetail&platform=X86&language=en-US&TaxRegion=pr&correlationId=a8f132a0-d205-4c6c-9f56-334e2e00fa88&token=bdc4372a-27c6-43b1-9e57-2c7d67015013&version=O16GA&source=O15OLSOMEX

https://www.google.com/url?hl=en&q=https://c2rsetup.officeapps.live.com/.../download.aspx?language=en-US&Source=O16HUP&ProductreleaseID=ProPlusRetail&platform=x86&act=1&TaxRegion=PR&version=O16GA&token=T37ND-G27J4-VFTVH-JTPPF-8B6DV&source=gmail&ust=1468791852123000&usg=AFQjCNGY5OhQ98TvrbEV0vPMBJt8WaXVTg

https://c2rsetup.officeapps.live.com/.../download.aspx?language=en-US&Source=O16HUP&ProductreleaseID=ProPlusRetail&platform=x86&act=1&TaxRegion=PR&version=O16GA&token=TJ6CN-G6F86-HGCPM-JD3Q8-WB6DV

http://www.microsofthup.com/.../unitdownloader.aspx?id=g506f64303234h4df1f669c8fc4463b31c5f77ca2bdaa9&dname=O16.download.name.32&receipt_id=866097009&culture=en-US&local_only=true

https://www.google.com/url?hl=en&q=https://c2rsetup.officeapps.live.com/.../download.aspx?language=en-US&Source=O16HUP&ProductreleaseID=ProPlusRetail&platform=x86&act=1&TaxRegion=SG&version=O16GA&token=V22XK-7N36C-HMWHH-VK63X-2YT97&source=gmail&ust=1468677678713000&usg=AFQjCNF5u0IqEh1hY2AhwAlb6GT_q8KvzA

https://c2rsetup.officeapps.live.com/.../download.aspx?act=1&TaxRegion=PR&&Language=en-us&Platform=x86&ProductreleaseID=ProPlusRetail&version=O16GA&Source=O16VLAP&token=7N6JT-J48XT-462D6-4RKHW-6MT97

https://c2rsetup.officeapps.live.com/.../download.aspx?language=en-US&Source=O16HUP&ProductreleaseID=ProPlusRetail&platform=x86&act=1&TaxRegion=PR&version=O16GA&token=NWVQR-BCTK7-8HMWP-X8RHW-K2FHH

https://c2rsetup.officeapps.live.com/.../download.aspx?act=1&TaxRegion=PR&&Language=en-us&Platform=x86&ProductreleaseID=ProPlusRetail&version=O16GA&Source=O16VLAP&token=N3884-8M9D6-8KHHR-WJHMM-B4G97

https://c2rsetup.officeapps.live.com/.../download.aspx?act=1&TaxRegion=PR&&Language=en-us&Platform=x86&ProductreleaseID=ProPlusRetail&version=O16GA&Source=O16VLAP&token=KKMNC-KHVF8-PJTRF-CW4VJ-VH697

https://www.microsofthup.com/.../logon.aspx?cmd=ehup_activate&sid=cceb5965e9084eecb235e53bfb6c7f84&re=ud&rid=552618616&culture=en-CA&id=3cbd7456184648ed9be3642f51c6a41e&dname=O16.download.name.32

https://www.google.com/url?hl=en&q=https://c2rsetup.officeapps.live.com/.../download.aspx?language=en-US&Source=O16HUP&ProductreleaseID=ProPlusRetail&platform=x86&act=1&TaxRegion=PR&version=O16GA&token=TN933-P67VB-R8PM2-72D67-G6PQV&source=gmail&ust=1468634641606000&usg=AFQjCNEdsrM3f8yxMGeTmi6zzM7nemYx5A

http://www.microsofthup.com/.../unitdownloader.aspx?id=g506f64303235he34355562eaf465094267661bf7e098a&dname=O16.download.name.32&receipt_id=845240035&culture=en-US&local_only=true

http://www.microsofthup.com/.../unitdownloader.aspx?id=g506f64303235hf4fb522e750c4a7f95f0245c88cb1a24&dname=O16.download.name.32&receipt_id=845231311&culture=en-US&local_only=true

https://c2rsetup.officeapps.live.com/.../download.aspx?ProductreleaseID=ProPlusRetail&language=en-US&platform=x86&token=FNQJB-D2VRF-Q7HJR-FFFMH-8HWDP&TaxRegion=DB&Source=O15PKC&version=O16GA

https://www.google.com/url?hl=en-GB&q=https://www.microsofthup.com/.../logon.aspx?cmd=ehup_activate&sid=9456e5cd99774434831fb765bb30841e&re=ud&rid=552677770&culture=en-GB&id=6204c499c06a4d479ae0cac8138a9d0f&dname=O16.download.name.32&source=gmail&ust=1469113894696000&usg=AFQjCNGl3lfn4RxNMxss5pngRiF92vM8HA

https://www.microsofthup.com/.../logon.aspx?cmd=ehup_activate&sid=56092f85881d48fa9ab294c4cc2df662&re=ud&rid=866076661&culture=en-US&id=8884da18336443f0a54450f14d815c7c&dname=O16.download.name.32

https://c2rsetup.officeapps.live.com/.../download.aspx?act=1&TaxRegion=PR&&Language=en-us&Platform=x86&ProductreleaseID=ProPlusRetail&version=O16GA&Source=O16VLAP&token=BP9NF-KWGWW-GD3YC-JJGHK-RM6DV

https://c2rsetup.officeapps.live.com/.../download.aspx?language=en-US&Source=O16HUP&ProductreleaseID=ProPlusRetail&platform=x86&act=1&token=2BNJ3-MQ39P-J84BF-9T4VP-V8RHH&TaxRegion=PR&version=O16GA

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.