home

2013officeproplus64.exe

Microsoft Office 15

Microsoft Corporation

Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft Office 15

Description:
Microsoft Office Click-to-Run

Version:
15.0.4433.1508

MD5:
658ce3d28919d22e1151a58ebaa8b5f3

SHA-1:
42d3d4cee5c4c335df2571426f3088924ef56b4d

SHA-256:
21420999c268ec5e5e97b2add46556166e04f6ceeacd8fd36c46663ea55f0c57

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/26/2024 12:31:49 AM UTC  (today)

File size:
739.1 KB (756,840 bytes)

Product version:
15.0.4433.1508

Original file name:
Bootstrapper.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\2013officeproplus64.exe

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
9/4/2012 2:42:09 PM

Valid to:
3/4/2013 1:42:09 PM

Subject:
CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
330000009D1E8D27AEB8F3D83800010000009D

File PE Metadata
Compilation timestamp:
11/19/2012 8:38:07 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
10.10

CTPH (ssdeep):
12288:mBJnKcCYARDjdgL8Qqs6ZgK9lAc53NcNt:akjdgLIOub5Ut

Entry address:
0x3F198

Entry point:
48, 83, EC, 28, E8, BB, 54, 00, 00, 48, 83, C4, 28, E9, 52, FE, FF, FF, 90, 90, E9, AF, 1A, 00, 00, 90, 90, 90, 53, 48, 83, EC, 20, BA, 08, 00, 00, 00, 8D, 4A, 18, E8, CA, 55, 00, 00, 48, 8B, C8, 48, 8B, D8, FF, 15, 76, 21, 02, 00, 48, 89, 05, 37, BC, 05, 00, 48, 89, 05, 28, BC, 05, 00, 48, 85, DB, 75, 05, 8D, 43, 18, EB, 06, 48, 83, 23, 00, 33, C0, 48, 83, C4, 20, 5B, C3, 90, 90, 48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 48, 89, 7C, 24, 18, 41, 54, 41, 55, 41, 56, 48, 83, EC, 20, 4C, 8B, F1, E8, AB, 3E, 00...
 
[+]

Entropy:
5.6075

Code size:
382.5 KB (391,680 bytes)

The file 2013officeproplus64.exe has been seen being distributed by the following URL.

http://dl.evaluesoftware.com/2013OfficeProPlus64.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.