home

setup.exe

Microsoft Corporation

This is a self-extracting archive and installer. The file has been seen being downloaded from file.dl1.svit.vn and multiple other hosts.
Publisher:
Microsoft Corporation  (signed and verified)

Version:
12.0.4518.1014

MD5:
6e6bf8d9991cc75b29e5f29145a13c62

SHA-1:
f46a45478d586e7a7142ba41f8165360f9dff80a

SHA-256:
82e155e4669d8bad22a8d44178b2d4c93951d366f34cb75598df8d24e6564bb4

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/20/2024 2:59:19 PM UTC  (today)

File size:
502 MB (526,428,264 bytes)

Product version:
12.0.4518.1014

Copyright:
© 2006 Microsoft Corporation. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\autoplay\docs\setup.exe

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
4/4/2006 12:43:46 PM

Valid to:
10/4/2007 12:53:46 PM

Subject:
CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, OU=Copyright (c) 2000 Microsoft Corp., O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
61469ECB000400000065

File PE Metadata
Compilation timestamp:
10/26/2006 2:02:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12582912:6VNViW0hP3LgHOvTFtejTMn5iLzvJOTcY5Dv/as:6VNwW0hPbgcBteXs5iPQTas

Entry address:
0x56405

Entry point:
E8, 26, 48, 00, 00, E9, 16, FE, FF, FF, 51, C7, 01, 70, B9, 00, 30, E8, A9, 48, 00, 00, 59, C3, 56, 8B, F1, E8, EA, FF, FF, FF, F6, 44, 24, 08, 01, 74, 07, 56, E8, F6, 04, 00, 00, 59, 8B, C6, 5E, C2, 04, 00, 8B, 44, 24, 04, 83, C1, 09, 51, 83, C0, 09, 50, E8, EA, 48, 00, 00, F7, D8, 59, 1B, C0, 59, 40, C2, 04, 00, 8B, 44, 24, 04, A3, 74, 8A, 08, 30, C3, 55, 8D, AC, 24, 58, FD, FF, FF, 81, EC, 28, 03, 00, 00, A1, BC, 3F, 08, 30, 33, C5, 89, 85, A4, 02, 00, 00, 56, 89, 85, 88, 00, 00, 00, 89, 8D, 84, 00, 00...
 
[+]

Entropy:
7.9998  (probably packed)

Code size:
510.5 KB (522,752 bytes)

The file setup.exe has been seen being distributed by the following 22 URLs.

http://file.dl1.svit.vn/download/af9e1fef/03bcc347b5a959ec07445c4af188a827/2013/.../SinhVienIT.Net--Microsoft-Office-Ultimate-2007-X12-30307.exe

http://file.dl1.svit.vn/download/af9e1fef/935ec306439148cc0fd2f18811c8db0a/2013/.../SinhVienIT.Net--Microsoft-Office-Ultimate-2007-X12-30307.exe

https://doc-0c-74-docs.googleusercontent.com/docs/securesc/lmrctt7a9fk17lp960g2v0472298pf32/h2kht5qde7qjfldel300tavhg7dgsaq5/1442498400000/12797810406030293869/.../0B8t7TaV_UYdYeU1SbGxycmhiWU0?e=download

http://f51.y8top.net/2107tmp/cf/larger/.../microsoft-office-2007_sp3.exe

http://c236.y8top.net/2107tmp/cf/larger/.../microsoft-office-2007_sp3.exe

http://f30.x8top.net/2107tmp/cf/larger/.../microsoft-office-2007_sp3.exe

https://www.dropbox.com/s/.../Ulitmate download.exe

http://c236.x8top.net/2107tmp/cf/larger/.../microsoft-office-2007_sp3.exe

http://f51.x8top.net/2107tmp/cf/larger/.../microsoft-office-2007_sp3.exe

http://f50.softwaretop.net/2107tmp/cf/larger/.../microsoft-office-2007_sp3.exe

http://f30.softwaretop.net/2107tmp/cf/larger/.../microsoft-office-2007_sp3.exe

https://drive.google.com/uc?export=download&confirm=ROTe&id=0Bza_f8SWuuNDN1llNlRxb2hlVFk

http://f51.softwaretop.net/2107tmp/cf/larger/.../microsoft-office-2007_sp3.exe

http://f70.softwaretop.net/2107tmp/cf/larger/.../microsoft-office-2007_sp3.exe

http://c36.softwaretop.net/2107tmp/cf/larger/.../microsoft-office-2007_sp3.exe

http://web.archive.org/web/20130603145133/http://msft-dnl.digitalrivercontent.net/msoffice/pub/.../X12-30307.exe

http://f20.softwaretop.net/tmp/cf/larger/.../microsoft-office-2007_sp3.exe

http://wgtot14.digitalriver.com/wgt/9B5A4FCEF11DA80C/01D48B64FA0D43ADC53814A0CB7EEF5D2C92677FE5F9084B5DC31DC0F8D2223EB8F47A07BF3888D2D27216E9918BA3CB4B9ACE0A126E963A7D6B8C49DAF52973AEDAA180C53FF810/.../X12-30307.exe

http://msft-dnl.digitalrivercontent.net/msoffice/pub/.../X12-30307.exe

http://www.genuine-products.com/edownload.asp?eid1=52&eid2=wXlT8ek4QF71w3m&file=0

http://www.genuine-products.com/assets/images/.../Office Ult 2007.exe

http://www.genuine-products.com/edownload.asp?eid1=52&eid2=tE4QyT6WS5H5FP3&file=0

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.