microsoft powerpoint viewer.exe

microsoft-powerpoint-viewer

REDACCENIR SL

The application microsoft powerpoint viewer.exe by REDACCENIR SL has been detected as adware by 14 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. The setup program uses the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions. The file has been observed being downloaded from d1w467en2eqqh2.cloudfront.net.
Publisher:
REDACCENIR SL  (signed and verified)

Product:
microsoft-powerpoint-viewer

Version:
2.2.45.0

MD5:
e5e546a4456db13a28a564dfca323615

SHA-1:
3630d57d66238166f418c87df7e1a29aa0bc9b2d

SHA-256:
e05634bd07b234f23886fb7f8e58eeb0cae6c8228373c04ebfe2766dc670dcd0

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software, which may include extensions such as DealPly and various toolbars.

Analysis date:
4/19/2024 11:12:39 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | APPL/Solimba.B | 7.11.54.186 |
| avast! | NSIS:Solimba-B [PUP] | 2014.9-150705 |
| Bitdefender | Gen:Variant.Adware.Solimba.1 | 1.0.20.930 |
| Dr.Web | Tool.DownLoader.46 | 9.0.1.0186 |
| ESET NOD32 | MSIL/Solimba | 9.7830 |
| Fortinet FortiGate | Adware/Fam.NB | 7/5/2015 |
| F-Secure | Gen:Variant.Adware.Solimba.1 | 11.2015-05-07_1 |
| G Data | Gen:Variant.Adware.Solimba | 15.7.22 |
| MicroWorld eScan | Gen:Variant.Adware.Solimba.1 | 16.0.0.558 |
| Reason Heuristics | PUP.REDACCENIR.Installer (M) | 15.7.5.16 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Solimba | 9772 |
| Trend Micro House Call | TROJ_GEN.RCBH1KT | 7.2.186 |
| Vba32 AntiVirus | Signed-Adware.InstallCore | 3.12.18.4 |
| VIPRE Antivirus | Solimba | 14632 |

File size:
177.8 KB (182,088 bytes)

Copyright:
(c) 2010 (Build:2012-11-15 09:06)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Common path:
C:\users\{user}\downloads\microsoft powerpoint viewer.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
12/22/2011 7:00:00 PM

Valid to:
12/22/2012 6:59:59 PM

Subject:
CN=REDACCENIR SL, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=REDACCENIR SL, L=Terrassa, S=Barcelona, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
71215C0E2FF8F33A61438B1BB7D0D7D3

File PE Metadata
Compilation timestamp:
8/30/2011 10:46:24 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.21

CTPH (ssdeep):
3072:3nOn7t7XpdpCCTg/sxFgJD3sxC8LdoR8ZWsw1b80mZl/kGZ74WzAv4ZKKpua60mU:3KpdcCrTqp8CRtq5v/73q4bl

Entry address:
0x4327

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 83, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 84, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 84, 42, 00, 56, A3, 40, 6B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 6B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 84, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 

Code size:
34.5 KB (35,328 bytes)

The file microsoft powerpoint viewer.exe has been observed being distributed from the following URL.
