microsoftofficerus.exe

ProfitServis LLC

This is a bundle installer that packages applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application microsoftofficerus.exe by ProfitServis has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the ProfitServis Downloader installer, and it is typically executed from the user's temporary directory.

Publisher:
ProfitServis LLC  (signed and verified)

Version:
1.0.0.0

MD5:
344eab8ab8d8afeb02da6a48f9a63ead

SHA-1:
78269c7dcba9d93e38f0d21038b6d795aa22c789

SHA-256:
ad18261f7a9ed78ae15ea712dbd005f4f306fb38a643feaf56ce2c577d698318

Scanner detections:
13 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/19/2024 7:54:05 PM UTC

Scan engine        Detection                         Engine version
Agnitum Outpost    Riskware.Agent                    7.1.1
Avira AntiVirus    APPL/InstallMon.enib              7.11.175.218
avast!             Win32:InstallMonstr-GC [PUP]      140929-0
AVG                Generic                           2015.0.3335
Clam AntiVirus     Win.Trojan.Installmonstr-29       0.98/19462
Dr.Web             Trojan.InstallMonster.986         9.0.1.05190
ESET NOD32         Win32/InstallMonstr.FV (variant)  8.10491
K7 AntiVirus       Unwanted-Program                  13.183.13619
Norman             InstallMonstr.V                   11.20141001
Reason Heuristics  PUP.ProfitServis.S                14.10.1.0
Sophos             Install Monster                   4.98
Vba32 AntiVirus    Signed-Downware.InstallMonstr     3.12.26.3
VIPRE Antivirus    Threat.4150696                    33520

File size:
3.9 MB (4,105,056 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Bundler/Installer:
ProfitServis Downloader

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\microsoftofficerus.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
5/21/2014 3:00:00 AM

Valid to:
5/22/2015 2:59:59 AM

Subject:
CN=ProfitServis LLC, O=ProfitServis LLC, L=Village of Kommunar, S="Kharkiv District, Kharkiv Region", C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
259670E42586FCE460513727E39AB7DF

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:QD4zL/J3GlW8UcGRhIA9/kWUHrHKJv+R7QVV+aI/7pfZ/xW5EQwP:QD4PJsYdf9bxvkampfZ/x6EQe

Entry address:
0x6A52B0

Entry point:
60, BE, 00, C0, 77, 00, 8D, BE, 00, 50, C8, FF, C7, 87, A4, D0, 38, 00, F0, 02, 46, 9E, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
3.2 MB (3,317,760 bytes)
