» x17-58137_excel_en.exe
Overview
Analysis
File Details
Downloads (25)

x17-58137_excel_en.exe

Microsoft Corporation

This is a setup program which is used to install the application. The file has been seen being downloaded from www.tagbulkmega.com and multiple other hosts.

File name:

Publisher:

Microsoft Corporation (signed and verified)

Version:

14.0.6023.1000

MD5:

f07887b7ea0cf104e87feb410ff357f8

SHA-1:

349330f9d6c98b821bb547f3648131c0a54417f4

SHA-256:

855e9eb95926d286a18830d2dcff2b8d14eff1555afbc1d447b4bee689998525

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

11/24/2024 2:45:29 PM UTC (today)

File size:

725.9 MB (761,140,000 bytes)

Product version:

14.0.6023.1000

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Digital Signature

Signed by:

Microsoft Corporation

Authority:

Microsoft Corporation

Valid from:

2/22/2011 2:23:12 AM

Valid to:

5/22/2012 2:23:12 AM

Subject:

CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:

CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:

6101B29B000000000015

File PE Metadata

Compilation timestamp:

3/10/2011 6:10:07 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12582912:haIn4IsKYtgVGyPePii4s/LSmxXvJWLqt+gzxx6Y+980ZDOwz5VZGi:Pn4zbqVpeb48hxxWLqYEPuS01Obi

Entry address:

0x2EACD

Entry point:

E8, 6C, 3A, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 24, 03, 00, 00, 8B, FF, 51, C7, 01, 64, 9A, 00, 2E, E8, E4, 3A, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, CC, FF, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 83, C1, 09, 51, 83, C0, 09, 50, E8, 1C, 3B, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 68, 9A, 00, 2E, 8D, 7D, E0, F3, A5... 
[+]

Entropy:

7.9996 (probably packed)

Code size:

282 KB (288,768 bytes)

The file x17-58137_excel_en.exe has been seen being distributed by the following 25 URLs.

http://www.tagbulkmega.com/9yy2FZ7Nl6hrIvgLG9gjmu6loagTZbjOk41LILSkHyXmOoY3SzfjHquQ4nX2LuWKOa0RoAi5wSgzWA2OLWcP97yprlgbUEK1D9yWxYYpYfBezkRpZDbmo8zUoUf0Enszegi0q WW6qLeWR pLaFPHSmog57RiiMVnKl2OjDCC2JDSX1fypOHwJUVytObhd6pCD5TTnQpYHWUeaxR5rkNaL4Xj8Ftl6R5dfj4vfbTO21TS2uDDHl4_bW0CzJPelvSEc8PnNHkkGdeh9DEeRGndYeWxGVkK50lge18fkl6hZuAmAYGDVwjB68HedYndUgHE5heTPi8WgGC7kNe3it7zA2Uhb cOs1Tu8qYV8H Xy4u_hSFiRyLH0wP7q9ib_5jkhgvBn1f IjksHC1GN6pVXSwfuB0GW5GpPkkTSKbANpcQ2_9yC_x9OG4ZyCjmOQfjBT5mAP24vnCHpsYrdqoApCiJK_olBNkLDkdEPilf1bC2irjXN_xzLarG1ZCafC5U6BY63z0-G1YAAGRgnq2tScjEQXDIAft3sSzQAK3ONu_T fW6LSF oeU8r343SpnDvdHWFxx 3bBDw2 Qny8x9KbAeP91jXl8ErJ gS7RNSkwiCjBYDR9Hg==-e

http://www.universecenterbits.com/y_cFacDPYKI94zJkWK45myLpVdSKrRNFRd4g3 t9322PK7My1yAf5UnLORL8082XUcOhzjzV6DJPCqKS0wZg1dTgWeDwUnfCF44nmNl7LZV6AMjNVKshFffQ0H4wHXQ3r4OYcO7yNWtARwwpVsdUhc7bKex88RwdOTdEPcui4H fnybGtm8WI6TG9Igy9gFZDU722DZz-G1YAAGRgnq2tGRHWCXDIAft3sSzQAK3ONu_T9fm8LiF oe18voxHo0QB3Btt_cHpO0xHaPpO8uMpnr2_wjjar0m9_9mayRTt8 4DTCJKMChCIBSLAg==

http://www.stockbundlesquick.com/oeXGqq0bV_PZFG8VhXoB18TNDH__7NVNt3F8GN 3iHGchm7ljibQJe3hSQo5ORMXtR4I7lXpF58TYElM2g5wv9vfOuX3Rb6QbAv9Y_wguT2m hv0xQc_kxb 0yaOalZcr 7EfF73IUSs IxmYau_eHOiVC3aXmOoA8ZIuG4Cuqvgw2GnG2gQEL_T3rUqOfCCx1QmOvVnl5tjONDaeiZJiCee4J5v odvO4YlTsQSHtZD_k4r_s6sfIHj6D8BZ18hsrzEL22zCxPWTBQaCC5n1uGqva_HQx3jjsOk5lzah3xdjPyPHYCBms1xfv78twOgGk8JCPRl284AtR7peLBrESLSuldc4PZjRAcN0J hG2wlXRbXhh1QEiG1kEcS_ZJSQgXOdxSHOrXLO_zqJVT02QHntzPb7SwKZPht_c4WgLOx_Bb9ZlZ1 p6ugHqCm81YpWbcZfo0iZIrVAacvgV1Vm88Gjj0Au3Wua6RZ5L0IEsQxiyDs0tyziXkoN2VDil5 QA6wjW-G1YAAGRgnq2tSWrSRXDIAft3sSzQAK3ONu_T7f2 LyF of16vU1no5Q53Btt_cH5P85naP7P8ust2nmCkE1QeZ l6tugMPbnY12BWUQJmqVojMBQ-e

http://www.newbinariesbundles.com/pkh2ArSaU6spexZIDXFw VcGINVjAoSeWFtNox8K81gwbZmIHiOLhtt901K9dnZHH0LsYT80mXtZyqN mIotbCBT4ObhurDR97H2 OpM4ik XJGVpFjfUNRVJUuHkGM9PO5iQv0zXonVimtIRPRO9BRyMTZHNb7kI3HijZN2bk46obUHnH a7cL2TnqpeHi2bZ3dDjdK-G1YAAGRgnq2tSejEQXDIAft3sSzQAK3ONu_T6fm8lhC_0HwcZ7cZpczh3mjrD_bftt g_tvLj6c4Rv_5dDzzSzyTJk5qn46ojwr0IkrQDEHhCIYA

http://www.centralquickcity.com/xAM2ov6lpUJuJ8fWb8Yt3nNWK4xbdZLPbh0yuHlcaXUtcsE_l7A4jURmXzQadQRrgWIzqEhSuFaFBFACRN0ZBN4jbG7gdEOmGzk4FWU8z46kk4nehna2sk15APLxCVPh hCx4Kkzn JV9nP0fiAlJHGEbymQorRYMid0UCIbAlkb6OL80sxgYhHV4RijWVEjWGvCAovGgJT76iSIfyZBA_8sqCETVe_IHlfLFRBne544oTCKfFHElSW32gdw9zKOwJhDbj5tK2lqmeuNyruDB5dBkEx97bwXydkg_kaNexRodx1W_mKwka7JOBMRaM1lAoQPrNhCvfpqC_T zHYpPUGB9nqRm5Nlp6Lf6SH_1L3GVWBx7v4RwBzRYbRA5M2GXG90DPhlvHwQlN0HzDBZNOGnbna6G9ycGe3R3F9o89dp_bVOZu9TVR6DAYf5W5OhHlDVud0Uxv6Y3zZK5aZ0rMTb5Cz4zjsd3pK0o8hvGBRcu0e7eOzTZZP8gq9l3YPr6_szIz5O2qO1sVw 2mh_mrcGvlRkvA==-G1YAAGRgnq2tGdGIgH5wyAH7d7Es0ACtzjbv0 66tiXEL9Qvy1pNRokCuDfa oP1V9YTVH 1fF7i8rDgtc4nwmSkaimIfX3__AVqESUYjMIQksYB-e

http://www.ranchflashsigns.com/yGT8RkrahbowtRPHawom_MWkkUGPwE3wXpapIcX2hnwHtAzSon7zVyjuzaNPY7F1ICY_ xQgD 3F5PBodlfW2rL9Wc5UTpbqJivpE8nhn_hEKvoxsbMUdEKj7iA23CLTz8XdZyF0XcuauB9bpqVZqIbAI8qsYL4t55EwwsshDxXhIa6GiUVfkzcnajEB 2tvtg8067sYwMkw26gNr7SW3VVlsgroUJZ1NXjY7s7Aht0fcTjpZkLaCCMNwtknOdumCIt5Wa1c8bOjzDhQwFHHSnI0ML3R_wEYX0UUh1Z3oltNqiJLm8cSqMdByrib0roD 02xaxZZFzbPHNABymdCAXpBJ5vhNBu_8Gsvuk1R6YkVtEpRYuPBpxem9ZsRcaV69O8SJxZhD5Ed U3Eht4 MnPiTkdWQYXfCkJ4LT71Rbnz0kkuetZiWkEdlPbh861B6HBQDjXRIx6ot0tJp0WdYjQuAgWJO9zaaf7KT1wIS fqqUg4xT3R8AC0iHfQfkxxKJc_VFB -G1YAAGRgnq2tQWhgBfyDQw7YvyjQLNAArc4279PuurYlhF oX5a1mowSh3BvtHUF66 sJ6j avm8xMSZ0YFdhpQlErsjaMP8V0QL1CJKMBh7rCk=-e

http://www.conceptssafepresent.com/Grg0l2R8Z_12vc0xO_wOuezWULrftcnhdeSrngKPtvk3iKS ffjwyczyZ4rr7p6VSBgpyH3I7Ez7XmuQVMR3q8L4GOkS6ysywV0qGiujXQOtRjrVn3kDXXVIGVkxjtv4O9XGFVWcwXL0vGeE6_3howYcuEWGC amN7vrTZJrCZRr66aoHQU38Jz o5AeUFiLHcTOPcgfBAb 3vMyLAC2FUfM RWnheC4hb0vCkQc39xkqQNYnjX7ud0hjDQ3opcoGbS6zBpDtvfQ6c8PhAOve0s4 6pnVNX3Wtg2zpmp6YIvdt7LVDnUaw4avscBVmSq7 QteBb11idne_qzt9rL_lGvbSX5_ulJYAxcVoZoTT6rViaetzanL kTDEeA5oDZ_an02oLEKqJxRA1iuryJXU_D5NU2F0RpjoyMc78JcZtv0LqD2dLM197d 4OyrNYbbsqMiVMds3dmhksTXp5AMgN7Uln X4v1nHTY6lVuJjxUYtwJgN5Ls8uUApmKLsiHOU JUj9-G1YAAGRgnq2tQUoAb4BDDti_i2WBBmh1tnmfbp_P6xLiF9qdz5f5aJQkgnujrT 4fKflCC3fRX48xVc83Ry8RP0_abyvHehe9BsYAIuIEgyOUzTLEg==-e

http://www.repositorycyclepackage.com/1hQlZyNwmH0uItEIQvjLS84olTOajKFJRaZZlsctTNhfkA6B zSg3yakwtZtVo6XZQciKxC_B2TC5FqKZjDAfie_2IyW1U1oCtbdFDn4dQ69lYNoYnOfVlW2HXQ9CCU_uyRsabpGsc7pwRqUZBwZw78S3xhv7XDD856t06gMEI_yWWOjMI2d7pEhDvhhmeiKf9745IDC-G1YAAGRsXWvX9NY6MyRwyAH7d7Es0ACtzjbv0_Y81yXEL rmeSlHo8Qh7o22_rB6i2pE1VsZx6n1peV1CZGYbf7F5w2j_mOJDyqNYkXCckQSRA==

http://www.grabvaultstag.com/1U6kk3ghikwbAwVRFYr8d1CAXhZ3x 70tOth7R9mFaHJz26bxv84NsIofKbk9fRfMIn27YItkhfYCzuMcyktHZ3cgIzQVe_lCNej9WAUIh8efOz8IjRw2KhJBfTHGuwMAf8RTJzXIrl5I aA1DPRviQAxq GDnZisL7LHTd1uptRAeiEIGFQ78JGENLmy8y1QJprbOtHbSL2M0fmBZR2Zb_NbjsC9eMfjvqsluroU96jKRWov8rIRNLEj7DjokTI3NhnKBnpfMGXnEK1PaQsDwEehmlSZWKl529LRoSxk LkEN 4iQGN2T7D3bERyPNgLM2o68vlLgLbFUz2TKglFSpqbzGj4MHSyUwtnBgqfTWZSiiLhXkwueyQA7wYRQA0rCxbvSJ_TEKGrxjvxOeASsxK2w4YA_ZjL0H0vwbaybnqS0NpN1mLM6eC0L6uJs_etvmU_7nHZxshkQRxE4BV8UdK1IUkXGCcDejXjnZHNIf1sfjKclpR0FWBXHAqzVBYBDpg_F9-G1YAAGRgnq2tmckN1G9wyAH7d7Es0ACtzjbv0_H5PJcQv9C070e7GsVz4N5o6w9236Zboe7byY niNzxGYLFF9fczl7Pv _b2KQCnYgSDMagKEWj-e

http://www.signsranchbest.com/BCcmpjFE_7uEgE9x28ue4Z52_1O_egMmeO4Eura5idHghyELYAJHeJP680RU8tMJXZa2NfYTXWAOBRMSZAqiTJiheLDeplw S5WKqYU3GHNfcSkKpmlG16mVh8KA_8HsJM5TcNX0wym5H37zMicY y1OOIUsFJqY6G HkoTlqUKmch3hGua3ipAksRz8CdrlGiPjW2BsruJZNjxP3Ll1h0Y0kbYC0UGcF9MXk2PZkVCKsTq6sg0RsRLQeGcool0S0dI_XJaI3pDo07gQZkkZ3twhDfUfADnMSTWmYXciF KrVR_ueHRKxBL66KwAxfslD3RAdIDasxcKPstsMzTAOjsATxF3Mb9D8cHhp0G9wd5IoyYsCXKRLD2zvo3A8DgKQ OouOU81k64rV3xrhvi8URtJzibZXmq1Oz2ap9zXAhNODV53cU3HXcUvVLuW6JLc0jZRjF46dOtgxBiNnsJfYU2KJ2zQ1O1ItJo_Ic5QLjMhwhqKEswcr5UF_53sWAsj0QgeW7o-G1YAAGRgnq2tAaggL4JDDti_i2WBBmh1tnmfLs_ndQnxC63n82U4jBL6cG 09QfHbz8e0Pgd5cdTtLPP1F9Iq8b_hvfH9e0RzFcVGEWUYFCaJEmMAQ==-e

http://www.signsranchbest.com/5hrFMXEx4bEKSSzKt1yLkhedAu_i97EI_9o4MIrNPqPkwRxx Z_l6DIDdfuZmZjeuKTlVdxYtW1SqyL3mq2dHDta3ir84soj5i2qRDC6iR5f1BxKoqGO9QAdCVU3agPqV72GGRy BmUssRW1cHKEIjE7F aQfk8PVcooJ9_mRVicaY1vhA 17cyr8XlRdNGfk_xPnvxHT6mFQIH eUyccnx9LtSjtmNPDazQeWk1NQdCJIts5WXTSG9G5GRaXpTfTzqftoqToA6DoYt7D69Ovc5T2Evy8RAh0V22kEF3JEc90TYMs0dD2o6qwRPLRTA CaotYPHuAGWXMSBD aMfUdKad1LVDw0gI1l4rq2CQKRrRenV2t2StItvFLIYNDUBB1USiGcPIaTKh dqNUUjFPZXE30S9vD2 9bZEgEzDRvX8OHqccF7S3 Q9i2p_ZvKHkeskjMX2m23MqdKV7IOvdhhhi5Ve P5DtAyI_a6jUFw6zj0HYc5FaAlHH6CvQXsZyE1nh3R-G1YAAGRwXmtrO4AmZxsccsD XSwLNECrs837tL_vfQnxiwzrutWzUdIY7Y22_rD5q2ZGmr9Rr1vO14hkdq7dvcRI dJ2DjN2P9DIOMXhLM0QGAk=-e

http://www.citytagcity.com/NBiMOIZ8hjBLWztI2R0cO6heeUNs49dAyBEPHeqyFdqGymAoNEbtwZJO9txToqB xYDr7U9YKFCvAWB6ZlHtsd3vy9MuqKkKZHN7LxgDrYjKDxFnSNmV FFjgJYTCBqJTpwdf_koNRUcprd7zSoR6RW6XtKeSa98VK4W6K46tpu_k5R82FllKPw_ohIhTC497r lc6O-G1YAAGRgu_d6AB61AYFDDti_i2WBBmh1tnmftue5LiF oW6el3I0ShzCvdHWH6zeohqh6q3k4xR79DZLymnG5zZM_Z4ZNe_ B6hElKBJgmZYDAc=

http://www.conecptheartmeta.com/ i4IgHyyaxOPlJYMdOjDdyfyHRDmuCtObmLd2oQJgKeL5CNstQMkjoxRa 9QhaJxhyFGFoss1GYBMpNJuA0yKgZ0EF4XagSPISRaUJqbYr4GCYGraroL028LMVXt90yJSyGZFhOFNXi7gmOZqdagnnqPGwoDLAfl7QTtBFTNScOMNXlY665me9FrL3UPdTU4kEAdZ9pA-G1YAAGRwXmtrB5zADBgccsD XSwLNECrs837tL_vfQnxCw_rutWzUdIY6Y22_lDzV80MN3 jXLdUU2SW2Rq5OmbrT_pwnm3sfqCRMJKhOJzCMRI=

http://software-download.microsoft.com/.../Excel_2010_English_x64.exe

http://microsoft-excel.ar.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-emqiQoqWfkpo=

http://www.sharefuncurrent.com/tGDhS0xkNTW_2B2Hm7EXXpZETSVmGRM9im4j3TbFLBxW9QAxSQZTxDNPIWEw9aKv3gvB853FqgiIW0aG_XL77rSNZohfpi6uzQgZK3WQe2rCmcY3F6SVIe CgTLmRN1Kp2n_0 JHKo_KieDgDgKPh6fopjqmCCL9qxFYLEzx 3sv7H2o2pNvQmAhQg ms5wcEEYa zpQKWgnF3FSkxSgXJ4tqq noVNLuQZHpK8kBZYKPh4M9dJqtI3iAWRSlCk0nox7fNYfzMTqTXBKPrYh_t W2xx9UEvkVDnmNbKDWtDMn1ufHhobuN 1Lu_oulbgUPNglbVwKkZT869nKauG__OFRLOtbH 241Rk83H5fnncWMdZXgsfF0NdGlewJFaPrZZbD24XSajLqqtNkHEeI2xprGyqx32q47EV06jtkXmEtpeHONau96LKORCL8eyMa8YHt99 PUR_5if2ukSK LYfY0JBQil6I5 dEIBUXSL8NbmtCxe144UO6Cvzf2nKgVyPb_4U-G1YAAGRwXmtrOtWexAgAHHLA_l0sCzRAq7PN 7S_730J8YuGdd3q2ShxiHujrT9s_qqZUfM3xnVrm8330vtW3iqKXlGKuTU7hw8ajWIFSWQZWqAB-e

http://www.conecptheartmeta.com/l31JRRQoqxFeORz8lB13GpLcOYBgGH6l6oI8jh3PAKyOEc4wybLFFDv7cBohyGyzmpS6PFUv_dax7maQ_zJHJ_5ZizfO__jCJpk5AVzVcYxyxNNaW_ ROgiMJUa_8gN481L8hJPUfxQoRQtIShgtoxnCQIhbce6haFth4_za8B8J8PdA9rbfe2kNw6kaXweDB28K2Bbn-G1YAAGRyXWtrezKR1wGCQw7Yv4tlgQZodbZ5n3bXtS0hfpF WdZqMkqWoL3R1h_WX1lPSP3V6nnJWrIkrUOb9P_fvrG1QW3G QtqGadYmuMYnKUA

http://www.giftchuckleflash.com/Pi5MWsRzo8T5p7tUw_M2vmQRnNAE9U8GtVgxFmJI9P6zgjZkOyS7YOJ7B05dRPVK6Tw9kPraU2aghLBpBBop9qJFVZJfXLjWYwmyL4uk5J5FgRZMWM_zywkL7gwZwaNii674qIVmAeEL45tFmzboLKQuRcIZ1UexVAMUzN1mSIbOYVhtx43oy63nqPInl4ydvzFLMmBz-G1YAAGRgnq2tSYjyBXDIAft3sSzQAK3ONu_T9f2 LyF oe16vY2nUcoc7o22_uD0H6YTmv6T_HqLFlPfd22KozHY_bqJab820QWYRJSgGBLFURIB

http://www.laboratoryguardtours.com/SuFaCUFe1G4PN355PUfn8sgE1e9mmgekYCitYLIeGarZal69KZ7adtd7XRwm5yTBhwESB1bIBmToI_tJOfjL0hA_nKwIJLY0HbManA5V0r tf2J7 J2NrHMnMG9W5pMWWK78kDGWhuFelYHMtIgIU1_eugtROWfv35N9GfiVdhEArBvDwo0KyUVCo6KCqraPQsL6 tm0-G1YAAGRgnq2tQY4QLoBDDti_i2WBBmh1tnmfru_3fQnxC23X6208jRIFcG 09Qen_zCd0PSf5NdbbGL_7C7HN228X47aBka8HFUFJhElGAQjUArHAQ==

http://www.giftchuckleflash.com/Ir_Z7gyK0Dh0XjYdd7g5DuHWD_WJ_ecpNjtPH6vU XjDrmEuKelI_0PgG6lAJ2ETdVhXyIGndolFu_QUfHKDrKX16RjCKWF0irz9DPJwHEVm7i_DL77doQHtph8uKcPpWdQO9ZxhoAanlmONB hYEx1B7YISMgLDJt_5nftij0 DNKWjcvJJnkgSMXnrXt_NOIsZAMqZ-G1YAAGRgnq2tAWhUsg9wyAH7d7Es0ACtzjbv0_F9zyXELzTt 9GuRolDuDfa oPdv lWqPt38vOKBJMbdBdkX1ffFupfNBFZhD gE1GCJkiCYSkU

http://microsoft-excel.sv.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-enKKHpKKhmJc=

http://microsoft-excel.ru.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-enKOMop6ml5Q=

http://microsoft-excel.da.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-em6iJoqOflJc=

http://msft.digitalrivercontent.net/.../X17-58137.exe

http://microsoft-excel.sv.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-enKOKo5yilZU=

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.