» installer_powerpoint_2013_preview_15_0_4128_spanish.exe
Overview
Analysis
File Details
Downloads (1)

installer_powerpoint_2013_preview_15_0_4128_spanish.exe

The application installer_powerpoint_2013_preview_15_0_4128_spanish.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from dk.takethesoft.com.

File name:

MD5:

5679893cdb1dea5472c49cd78940ec24

SHA-1:

aa752c299c3913f93f831b1b83c4f2240823b266

SHA-256:

c80fc5da7ebf9a817142e138d6e841a53f65bd00aa3d33d54d6fcb4c83f497e6

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/29/2024 4:44:44 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.Bundler (M)

16.7.19.1

File size:

1 MB (1,079,159 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\downloads\installer_powerpoint_2013_preview_15_0_4128_spanish.exe

File PE Metadata

Compilation timestamp:

12/5/2009 6:52:12 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

24576:JxrUBzbdSRRxsyTvkxKYYD96OQAFLz9O9ZP41:zIBz8TWygxTc9e6

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

The file installer_powerpoint_2013_preview_15_0_4128_spanish.exe has been seen being distributed by the following URL.

http://dk.takethesoft.com/installers/axtan_installers/get.php?ik=tig&ua=chrome&ut=a588e527c7caf747a45264d4f0b15ec1&p=TVAz&loop=1&x=L2hvbWUvZG93bl9jcm9ucy9wdWJsaWNfaHRtbC9pbnN0YWxsZXJzL291dC9heC8xL21wMy9zcGFuaXNoL3Nlby9jaHJvbWUvcG93ZXJwb2ludF8yMDEzX3ByZXZpZXdfXzE1XzBfNDEyOF8vZC83ODIxOTgwMjdmYzUwOTRjNDc5ZDNlZjlhNDNiMjJiNS90aWcvNjY3OTAzL25hL2luc3RhbGxlcl9wb3dlcnBvaW50XzIwMTNfcHJldmlld18xNV8wXzQxMjhfU3BhbmlzaC5leGU=&r=3760131&u=L2Rvd25sb2FkLm1wMy5lcy9pbnN0YWxsZXJzL291dC8wMDIxMjAwMjEzMDAyMTQvcGlpZC01NGRkNjVjZDdlOTE1My4yNjUzNDYyMS9heC8xL21wMy9zcGFuaXNoL3Nlby9jaHJvbWUvcG93ZXJwb2ludF8yMDEzX3ByZXZpZXdfXzE1XzBfNDEyOF8vZC83ODIxOTgwMjdmYzUwOTRjNDc5ZDNlZjlhNDNiMjJiNS90aWcvNjY3OTAzL25hL2luc3RhbGxlcl9wb3dlcnBvaW50XzIwMTNfcHJldmlld18xNV8wXzQxMjhfU3BhbmlzaC5leGU=&aa=ax/1/mp3//&DI=49&JK=55&CJ=72&NB=35&HG=1&JF=2&DG=66&ME=97&ID=59&IF=12&s=4871697603077316689324897894855243302162570202970902382171557181421748095026223213552760926634787952751364987208663930922586964760936172660391157541543792399865969576832

Remove installer_powerpoint_2013_preview_15_0_4128_spanish.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.