» PolarisOfficeInstaller.exe
Overview
Analysis
File Details
Downloads (7)

PolarisOfficeInstaller.exe

Polaris Office

POLARIS OFFICE Corp

File name:

Publisher:

POLARIS OFFICE Corp. (signed by POLARIS OFFICE Corp)

Product:

Polaris Office

Description:

Polaris Office Installer

Version:

7, 1, 7, 68516

MD5:

66af61d5d9b1e399c026f94fe1471af4

SHA-1:

c1b27dc7965993595451b0f2d5897cfaf6b097a9

SHA-256:

c0de612dc5bf60da90f87d9fbb2fd16e99e3dacacf7074a8784b9eed0fff41df

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

5/8/2024 6:03:13 AM UTC (today)

File size:

3.8 MB (3,973,560 bytes)

Product version:

7, 1, 7, 68516

Original file name:

PolarisOfficeInstaller.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\{random}\polarisofficeinstaller.exe

Digital Signature

Signed by:

POLARIS OFFICE Corp

Authority:

Symantec Corporation

Valid from:

2/3/2016 1:00:00 AM

Valid to:

2/3/2018 12:59:59 AM

Subject:

CN=POLARIS OFFICE Corp, O=POLARIS OFFICE Corp, L=Seocho-gu, S=Seoul, C=KR

Issuer:

CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

5125AB0B27081281CA605FF959FD490F

File PE Metadata

Compilation timestamp:

4/29/2016 3:31:52 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

98304:oeuelu+ucB4KMj516bOoojfbWH5AakFLOAkGkzdnEVomFHKnPp:xjXBeZfbWH5uFLOyomFHKnPp

Entry address:

0x13A9C6

Entry point:

E8, 96, 90, 00, 00, E9, 7F, FE, FF, FF, 3B, 0D, 70, 92, 5C, 00, 75, 02, F3, C3, E9, 2D, 18, 00, 00, 55, 8B, EC, FF, 75, 18, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 05, 00, 00, 00, 83, C4, 18, 5D, C3, 55, 8B, EC, 51, 83, 7D, 14, 00, 75, 15, E8, 3D, 21, 00, 00, C7, 00, 16, 00, 00, 00, E8, C5, 96, 00, 00, 83, C8, FF, C9, C3, 53, 56, 8B, 75, 08, 57, 8B, 7D, 10, 85, FF, 75, 14, 85, F6, 75, 18, 39, 75, 0C, 0F, 85, AE, 00, 00, 00, 33, C0, E9, BA, 00, 00, 00, 85, F6, 0F, 84, 9F, 00, 00, 00, 8B... 
[+]

Entropy:

6.7235

Code size:

1.4 MB (1,489,408 bytes)

The file PolarisOfficeInstaller.exe has been seen being distributed by the following 7 URLs.

https://www.polarisoffice.com/.../pcoffice

&onid=18483&oid=3001-18483_4-76476493&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=biz-soft/office-suites&topicbrcrm=&pid=14686378&mfgid=10220483&merid=10220483&ctype=dm&cval=NONE&devicetype=desktop&pguid=382fe9b330ab2701217f0f84&viewguid=c9gLZOMfZ-nreytJCObDyZuCkkvz@e7-XLfC&destUrl=http://files.downloadnow.com/s/software/14/68/63/.../PolarisOfficeInstaller.exe

http://polaris-office.softonic.com/download-tracker?th=8yS3 KGEYLiw7GKMHzA/trmsvRChbxdrflJq3ZIylWtAJKug4ApNfQLscYPFtCg 8 01mUIxRaDavqmSwSp0ICTCsX7rZEv4ck5HMWprS5D5H3qjVzvchmTBwvfF1K0MHJa5gprxz/.../yAfuQFO3Ev2AG3VGV9maCUUvu8=

http://files.downloadnow.com/s/software/14/68/63/.../PolarisOfficeInstaller.exe

http://install.polarisoffice.com/.../PolarisOfficeInstaller.exe

http://gsf-cf.softonic.com/c1b/27d/.../PolarisOfficeInstaller.exe

http://www.polarisoffice.com/.../pcoffice

Scan PolarisOfficeInstaller.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.