microsoft-office-professional-2007.exe

Nokade

Bibado Investments, S.L.

The application microsoft-office-professional-2007.exe, “Nokade Setup” by Bibado Investments, S.L., has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Bibado Downloader installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.ranchmetabits.com.
Publisher:
Tan (signed by Bibado Investments, S.L.)

Product:
Nokade

Description:
Nokade Setup

MD5:
2d1ef8cf97829994994236d4897c357c

SHA-1:
b596837fb9f9dcc4699f2d4f8eb900ce0ffb94dd

SHA-256:
6fb9125ef46dc8551be53cd677a2ad40169ce5fb7ee95673b5843aaa78ac41af

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
5/6/2024 2:37:16 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
17.3.16.6

File size:
1.1 MB (1,175,944 bytes)

Product version:
4.7

Copyright:
Lite

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Bibado Downloader (using Inno Setup)

Common path:
C:\users\{user}\downloads\microsoft-office-professional-2007.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/12/2016 3:57:03 PM

Valid to:
4/2/2017 12:32:01 PM

Subject:
CN="Bibado Investments, S.L.", O="Bibado Investments, S.L.", L=Alcorcon, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121212301396FAE08B19C17F8D9578163C9

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xAA98

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 2E, 86, FF, FF, E8, 35, 98, FF, FF, E8, 9C, 9B, FF, FF, E8, B7, 9F, FF, FF, E8, 56, BF, FF, FF, E8, ED, E8, FF, FF, E8, 54, EA, FF, FF, 33, C0, 55, 68, 69, B1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 32, B1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, D0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, C2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, 24, 93, FF, FF, 8D, 55, F0, 33, C0, E8, 66, C5, FF, FF, 8B, 55...
 

Entropy:
7.9835

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
40.5 KB (41,472 bytes)

The file microsoft-office-professional-2007.exe has been seen being distributed by the following URL.

