visualizador-do-microsoft-powerpoint-2007-32-bits.exe

The application visualizador-do-microsoft-powerpoint-2007-32-bits.exe has been detected as a potentially unwanted program by 15 anti-malware scanners. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from esd.baixaki.com.br.
MD5:
214c1a0a9fcdf8c8d996969cc2deaf13

SHA-1:
d830a929ad851d4797dd343ffcac3c9bdfef9847

SHA-256:
182de5d068b5c4ab3f4366572db67fd554c9ee2fd2f35c304ca59a0e4596aa9a

Scanner detections:
15 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/7/2025 11:26:22 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.InstallCore | 7.1.1 |
| Avira AntiVirus | | 7.11.137.202 |
| Bkav FE | W32.Cloddcc.Trojan | 1.3.0.4959 |
| Comodo Security | Application.Win32.Agent.J | 17952 |
| Dr.Web | Adware.InstallCore.133 | 9.0.1.0223 |
| ESET NOD32 | Win32/InstallCore.ES (variant) | 10.9559 |
| F-Prot | W32/InstallCore.R3.gen | v6.4.7.1.166 |
| K7 AntiVirus | Trojan | 13.176.11482 |
| McAfee | Artemis!214C1A0A9FCD | 5600.6311 |
| Reason Heuristics | PUP.InstallCore.ENG (M) | 16.8.10.23 |
| Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.16808 |
| Trend Micro House Call | TROJ_GEN.F47V1109 | 7.2.223 |
| Vba32 AntiVirus | | 3.12.24.3 |
| VIPRE Antivirus | InstallCore.b | 27518 |

File size:
607.3 KB (621,880 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\visualizador-do-microsoft-powerpoint-2007-32-bits.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:doMJfsGSC7gdiuK0gS+LgPN11b1uFuZCdNHgYhAD7f6IkAKDmk0GVevOjvnreBb:doMJfsIgdiuOVg/1pZCbrADb6I9KDmkG

Entry address:
0x98CC

Entry point:
55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, FA, 97, FF, FF, E8, 01, AA, FF, FF, E8, 2C, CC, FF, FF, E8, 73, CC, FF, FF, E8, 0A, F3, FF, FF, E8, 71, F4, FF, FF, 33, C0, 55, 68, 76, 9F, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 2C, 9F, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 26, FA, FF, FF, 8D, 55, F0, 33, C0, E8, E0, D0, FF, FF, 8B, 55, F0, B8, D8, BD, 40, 00, E8, AB, 98, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D8, BD, 40, 00, B2, 01, B8...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36 KB (36,864 bytes)

The file visualizador-do-microsoft-powerpoint-2007-32-bits.exe has been seen being distributed by the following URL.