home

office2010key.exe

The application office2010key.exe has been detected as a potentially unwanted program by 17 anti-malware scanners. This is a setup program which is used to install the application. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. The file has been seen being downloaded from getridofacneovernight.net.
MD5:
bfee3d6da70ea2d9a12ebb47f1748a8d

SHA-1:
aaa5b9512d1127f3458362efc151ef0dace23276

SHA-256:
7a36c20ef82e69b57072552c4b25213a05d7f08654a6f20174e06abe4a822224

Scanner detections:
17 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/20/2024 12:30:49 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.OutBrowse
7.1.1

Avira AntiVirus
Adware/OutBrowse.G
7.11.132.254

AVG
MalSign.OutBrowse
2015.0.3556

Baidu Antivirus
HackTool.Win32.OutBrowse
4.0.3.14222

Comodo Security
Application.Win32.OutBrowse.~A
17819

ESET NOD32
Win32/OutBrowse (variant)
8.9449

Fortinet FortiGate
Riskware/NSIS_OutBrowse
2/22/2014

IKARUS anti.virus
not-a-virus:Downloader.NSIS
t3scan.2.2.29

K7 AntiVirus
Unwanted-Program
13.176.11226

Kaspersky
not-a-virus:Downloader.NSIS.OutBrowse
14.0.0.4273

Malwarebytes
PUP.Optional.OutBrowse
v2014.02.22.10

McAfee
Artemis!BFEE3D6DA70E
5600.7212

NANO AntiVirus
Trojan.Win32.OutBrowse.csrlza
0.28.0.57630

Sophos
OutBrowse
4.97

Trend Micro House Call
TROJ_GEN.R0CBH07BK14
7.2.53

Vba32 AntiVirus
Downloader.OutBrowse
3.12.24.3

VIPRE Antivirus
OutBrowse
26680

File size:
616 KB (630,761 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\office2010key.exe

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:NjFyhCfsMntd1zdwVWyK1EzotWlj+kzVX0xp+lHTNo5uLMxHeXAkepYsq4O:NByhCfsMtpwof1EzotWln3M6VXopa4O

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9786  (probably packed)

Code size:
23.5 KB (24,064 bytes)

The file office2010key.exe has been seen being distributed by the following URL.

http://getridofacneovernight.net/.../office2010key.exe

Remove office2010key.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.