home

microsoftoffice2016 key.exe

Microsoftoffice2016 key

The application microsoftoffice2016 key.exe, “Microsoftoffice2016 key 1.6.8.0 Installation ” has been detected as a potentially unwanted program by 22 anti-malware scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power. The file has been seen being downloaded from dc305.4shared.com and multiple other hosts.
Publisher:
Microsoftoffice2016 key

Description:
Microsoftoffice2016 key 1.6.8.0 Installation

Version:
1.6.8.0

MD5:
159d2a48cc690b0e78489cf444e6e555

SHA-1:
3806b0f40df05d3903627b64a6120b7086c9b6cb

SHA-256:
03789cb2bbfaec649688b8186379fc86ce21d5778220c68e43d93489934aa927

Scanner detections:
22 / 68

Status:
Potentially unwanted

Explanation:
The program will mine for BitCoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:
5/12/2024 9:12:52 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bitcoinminer.F
379

Agnitum Outpost
Riskware.BitCoinMiner
7.1.1

Avira AntiVirus
TR/BitCoinMiner.Gen
8.3.2.4

AVG
Crypt3
2017.0.2857

Baidu Antivirus
Hacktool.Win32.BitCoinMiner
4.0.3.16122

Bitdefender
Application.Bitcoinminer.F
1.0.20.110

ESET NOD32
Win32/BitCoinMiner.AX potentially unsafe (variant)
10.12856

Fortinet FortiGate
Riskware/Sim
1/22/2016

F-Prot
W32/SysVenFak.A.gen
v6.4.7.1.166

F-Secure
Application.Bitcoinminer.F
11.2016-22-01_6

G Data
Application.Bitcoinminer
16.1.25

K7 AntiVirus
Trojan
13.212.18401

Kaspersky
not-a-virus:RiskTool.Win32.BitCoinMiner
14.0.0.779

McAfee
RDN/Generic PUP.x
5600.6513

MicroWorld eScan
Application.Bitcoinminer.F
17.0.0.66

NANO AntiVirus
Riskware.Win32.BitCoinMiner.cuwlis
1.0.14.5380

Panda Antivirus
Trj/CI.A
16.01.22.02

Qihoo 360 Security
HEUR/QVM05.1.Malware.Gen
1.0.0.1077

Rising Antivirus
PE:Malware.Generic/QRS!1.9E2D [F]
23.00.65.16120

Sophos
Bitcoin Miner (PUA)
4.98

Trend Micro
TROJ_GEN.R047C0EA416
10.465.22

VIPRE Antivirus
RiskTool.Win32.BitCoinMiner (not malicious)
46454

File size:
897.4 KB (918,890 bytes)

Copyright:
Microsoftoffice2016 key

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\microsoftoffice2016 key.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:NANwRo+mv8QD4+0V16BcHoQppTTCVNg3+8iQovxUM4SB3wfAac2eCr4NyC56igYO:NAT8QE+kmkCVGunQo6kBlVCgL6i0n

Entry address:
0x25468

Entry point:
55, 8B, EC, 83, C4, F0, B8, 88, 53, 42, 00, E8, 24, F2, FD, FF, B8, C8, 54, 42, 00, E8, 2A, 1C, FE, FF, 8B, 15, 40, 88, 42, 00, 89, 02, 8B, 15, 40, 88, 42, 00, 8B, 12, A1, 48, 88, 42, 00, E8, E4, D3, FF, FF, 8B, 15, 40, 88, 42, 00, 8B, 12, A1, DC, 87, 42, 00, E8, 7A, 64, FF, FF, A1, 40, 88, 42, 00, E8, AC, 4E, FE, FF, E8, DF, E0, FD, FF, 00, 00, 00, FF, FF, FF, FF, 01, 00, 00, 00, 2A, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
145.5 KB (148,992 bytes)

The file microsoftoffice2016 key.exe has been seen being distributed by the following 5 URLs.

http://dc305.4shared.com/download/.../Microsoftoffice2016__key.exe

http://dc778.4shared.com/download/.../Microsoftoffice2016__key.exe

https://dc305.4shared.com/download/.../Microsoftoffice2016__key.exe

http://dc439.4shared.com/download/.../Microsoftoffice2016__key.exe

http://dc778.4shared.com/download/.../Microsoftoffice2016__key.exe

Remove microsoftoffice2016 key.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.