home

microsoft word.exe

The application microsoft word.exe has been detected as a potentially unwanted program by 6 anti-malware scanners. This is a setup program which is used to install the application. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from de.pc-file.net.
MD5:
2f6f5da706a608cf616e33dc700f92da

SHA-1:
4f7a41f46b84cafadea32b9fc118263478d4bba9

SHA-256:
71ff5165420c44dead5695200dd4a6bc4e7c16428a691c8216a3181adff040b1

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
4/23/2024 2:05:20 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:PUP-gen [PUP]
160518-2

AVG
Adware BundleApp.L
2015.0.4568

Emsisoft Anti-Malware
Gen:Application.Bundler.Firseria
11.5.0.6191

Kaspersky
not-a-virus:Downloader.Win32.Morstar
15.0.0.562

Norman
Gen:Application.Bundler.Firseria.1
28.05.2016 15:32:18

Reason Heuristics
Adware.Bundler (M)
16.6.20.0

File size:
164.3 KB (168,229 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\microsoft word.exe

File PE Metadata
Compilation timestamp:
11/27/2013 11:43:52 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:FFtj9DZiop52XIGrjKSBUZWijNutqGwSMixZhAJY/UA6:FFZ9DEq52hUZcYGwS/xZ7Ut

Entry address:
0x704B0

Entry point:
60, BE, 00, 90, 44, 00, 8D, BE, 00, 80, FB, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
160 KB (163,840 bytes)

The file microsoft word.exe has been seen being distributed by the following URL.

http://de.pc-file.net/microsoft-word/download/.../6086

Remove microsoft word.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.