home

setupproplusretail.x86.en-us.exe

Microsoft Office

Microsoft Corporation

Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft Office

Description:
Microsoft Office Click-to-Run

Version:
15.0.4805.1000

MD5:
a39762875b74977483fa69c4ac3507cf

SHA-1:
8d0167bcca312610ffbd71fe6b122511b1356111

SHA-256:
fa2e9681830e196e09b5c2137d9cb1e5001a94cbe7fe48fb7a80b75de619b8a9

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
11/15/2024 12:10:35 PM UTC  (today)

File size:
1.1 MB (1,125,616 bytes)

Product version:
15.0.4805.1000

Original file name:
Bootstrapper.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\setupproplusretail.x86.en-us.exe

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
6/4/2015 6:42:45 PM

Valid to:
9/4/2016 6:42:45 PM

Subject:
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
330000010A2C79AED7797BA6AC00010000010A

File PE Metadata
Compilation timestamp:
2/9/2016 7:54:07 AM

OS version:
5.2

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.10

CTPH (ssdeep):
24576:QL909d9pw7UCuLZsIkJRh0ORR22b8Jbb4u5gIkxRCUvgn:QL909dT2hJIORRdbi8IpJn

Entry address:
0x62C14

Entry point:
E8, 66, 53, 00, 00, E9, 81, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 9E, 10, 00, 00, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, 35, C4, 11, 40, 00, 57, FF, 35, E8, CE, 4E, 00, FF, D6, FF, 35, E4, CE, 4E, 00, 8B, D8, 89, 5D, FC, FF, D6, 8B, F0, 3B, F3, 0F, 82, 81, 00, 00, 00, 8B, FE, 2B, FB, 8D, 47, 04, 83, F8, 04, 72, 75, 53, E8, 90, 54, 00, 00, 8B, D8, 8D, 47, 04, 59, 3B, D8, 73, 48, B8, 00, 08, 00, 00, 3B, D8, 73, 02, 8B, C3, 03, C3, 3B, C3, 72, 0F, 50, FF, 75, FC, E8, 1E, 54, 00, 00, 59, 59, 85, C0, 75, 16, 8D...
 
[+]

Entropy:
6.1882

Code size:
900.5 KB (922,112 bytes)

The file setupproplusretail.x86.en-us.exe has been seen being distributed by the following 50 URLs.

https://c2rsetup.officeapps.live.com/.../download.aspx?act=1&language=en-US&TaxRegion=PR&Source=O15HUP&platform=x86&version=O15GA&ProductreleaseID=ProPlusRetail&token=63NW3-39KF4-V8KR9-V6KWP-J42DD

https://c2rsetup.officeapps.live.com/.../download.aspx?act=1&TaxRegion=PR&Source=O15HUP&Version=O15GA&language=en-us&ProductReleaseID=ProPlusRetail&platform=x86&token=4DN6Q-86M89-K8BW3-RYWGK-3RP9Q

https://c2rsetup.officeapps.live.com/.../download.aspx?act=1&token=N22DR-Y6KHP-Y7789-3VYVM-39JQD&platform=x86&Source=O15HUP&version=O15GA&ProductreleaseID=ProPlusRetail&language=en-US&TaxRegion=PR

https://c2rsetup.officeapps.live.com/.../download.aspx?act=1&token=VY422-6MNJK-993RT-HY3PD-97363&platform=x86&Source=O15HUP&version=O15GA&ProductreleaseID=ProPlusRetail&language=en-US&TaxRegion=IR

http://www.microsofthup.com/.../unitdownloader.aspx?culture=en-US&id=g506f64303235hb02824622a344026a1897ea0c793135c&receipt_id=844290545&dname=O15.download.name.32

https://c2rsetup.officeapps.live.com/.../download.aspx?TaxRegion=IR&version=O15GA&language=en-US&Source=O15HUP&platform=x86&ProductreleaseID=ProPlusRetail&act=1

http://www.microsofthup.com/.../unitdownloader.aspx?culture=en-US&id=g506f64303235h4f70944de00143bf9d5ff1f00a933701&receipt_id=844200647&dname=O15.download.name.32

http://www.microsofthup.com/.../unitdownloader.aspx?culture=en-US&id=g506f64303232h0086dd149f5347c689206d6b98a41562&receipt_id=841939497&dname=O15.download.name.32

https://c2rsetup.officeapps.live.com/.../download.aspx?act=1&TaxRegion=PR&Source=O15HUP&Version=O15GA&language=en-us&ProductReleaseID=ProPlusRetail&platform=x86&token=NKTV6-HPWFC-8CJ3G-78HRX-V2XKQ

http://www.microsofthup.com/.../unitdownloader.aspx?culture=en-US&id=g506f64303234h7f366511d5904884a5473d21491af7a4&receipt_id=863973858&dname=O15.download.name.32

https://c2rsetup.officeapps.live.com/.../download.aspx?act=1&TaxRegion=SG&Source=O15HUP&Version=O15GA&language=en-us&ProductReleaseID=ProPlusRetail&platform=x86&token=2PJNJ-6HKQK-FT7WB-28FYM-KD43D

https://www.google.com/url?hl=en&q=https://c2rsetup.officeapps.live.com/.../download.aspx?act=1&token=KCNRT-KYRF9-JGR6Y-6TC68-XWYG3&platform=x86&Source=O15HUP&version=O15GA&ProductreleaseID=ProPlusRetail&language=en-US&TaxRegion=PR&source=gmail&ust=1460076142766000&usg=AFQjCNHwhkFsXUzwNp6coNZsuBWsZvJohw

http://www.microsofthup.com/.../unitdownloader.aspx?culture=en-GB&id=g506f64303931h97dda0b54f40463b8f1fe62c1319b9c7&receipt_id=476470426&dname=O15.download.name.32

https://c2rsetup.officeapps.live.com/.../download.aspx?act=1&TaxRegion=SG&Source=O15HUP&Version=O15GA&language=en-us&ProductReleaseID=ProPlusRetail&platform=x86&token=NDYHT-HRB8V-8Y7HG-Q6H6M-YWPDD

https://c2rsetup.officeapps.live.com/.../download.aspx?act=1&token=BR7F2-YNPYH-M2P2R-XCB2B-7MF3D&platform=x86&Source=O15HUP&version=O15GA&ProductreleaseID=ProPlusRetail&language=en-US&TaxRegion=IR

https://c2rsetup.officeapps.live.com/.../download.aspx?act=1&TaxRegion=PR&Source=O15HUP&Version=O15GA&language=en-us&ProductReleaseID=ProPlusRetail&platform=x86&token=V67XQ-QGNCT-2XQKV-9KTF6-9KVT3

https://c2rsetup.officeapps.live.com/.../download.aspx?act=1&TaxRegion=PR&Source=O15HUP&Version=O15GA&language=en-us&ProductReleaseID=ProPlusRetail&platform=x86&token=KDHNB-HK2MG-8YTC6-9TM7M-FGBG3

https://c2rsetup.officeapps.live.com/.../download.aspx?act=1&language=en-US&TaxRegion=SG&Source=O15HUP&platform=x86&version=O15GA&ProductreleaseID=ProPlusRetail

https://c2rsetup.officeapps.live.com/.../download.aspx?act=1&TaxRegion=PR&Source=O15HUP&Version=O15GA&language=en-us&ProductReleaseID=ProPlusRetail&platform=x86&token=247PK-N8XJT-68WFK-YJQWM-R6WQD

https://c2rsetup.officeapps.live.com/.../download.aspx?act=1&TaxRegion=DB&Source=O15HUP&Version=O15GA&language=en-us&ProductReleaseID=ProPlusRetail&platform=x86&token=XNVJ8-QTBX8-24K6T-BQDGP-7CCDD

http://www.microsofthup.com/.../unitdownloader.aspx?culture=ar-SA&id=g506f64303932h178617816e054e208341047720cfb49b&receipt_id=551219945&dname=O15.download.name.32

https://c2rsetup.officeapps.live.com/.../download.aspx?act=1&TaxRegion=PR&Source=O15HUP&Version=O15GA&language=en-us&ProductReleaseID=ProPlusRetail&platform=x86&token=FMNQP-RXMJB-24QJ4-TF786-MKJQD

https://c2rsetup.officeapps.live.com/.../download.aspx?act=1&TaxRegion=PR&Source=O15HUP&Version=O15GA&language=en-us&ProductReleaseID=ProPlusRetail&platform=x86&token=YP8PX-NX92Q-BDK8V-TGWJQ-G8YG3

https://c2rsetup.officeapps.live.com/.../download.aspx?act=1&TaxRegion=PR&Source=O15HUP&Version=O15GA&language=en-us&ProductReleaseID=ProPlusRetail&platform=x86&token=RFX6V-NKQK3-3W2FQ-KB8DX-WTWQD

https://c2rsetup.officeapps.live.com/.../download.aspx?act=1&TaxRegion=PR&Source=O15HUP&Version=O15GA&language=en-us&ProductReleaseID=ProPlusRetail&platform=x86&token=YMQN3-8KQB4-2BDD3-YBVTF-YTBG3

https://c2rsetup.officeapps.live.com/.../download.aspx?TaxRegion=PR&language=en-US&Source=O15HUP&version=O15GA&ProductreleaseID=ProPlusRetail&platform=x86&act=1

https://c2rsetup.officeapps.live.com/.../download.aspx?act=1&TaxRegion=PR&Source=O15HUP&Version=O15GA&language=en-us&ProductReleaseID=ProPlusRetail&platform=x86&token=2NBJ2-6FYCX-89B8R-22C7V-8HR3D

https://c2rsetup.officeapps.live.com/.../download.aspx?Source=O15HUP&language=en-US&act=1&TaxRegion=SG&platform=x86&version=O15GA&ProductreleaseID=ProPlusRetail

https://c2rsetup.officeapps.live.com/.../download.aspx?act=1&token=QBT78-N3B49-W4B4D-YTJXC-27GXQ&platform=x86&Source=O15HUP&version=O15GA&ProductreleaseID=ProPlusRetail&language=en-US&TaxRegion=PR

https://c2rsetup.officeapps.live.com/.../download.aspx?TaxRegion=IR&version=O15GA&language=en-US&Source=O15HUP&platform=x86&ProductreleaseID=ProPlusRetail&act=11

Latest 30 of 54 download URLs

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.