» setupproplusretail.x86.en-us.exe
Overview
Analysis
File Details
Programs (2)
Downloads (35)

setupproplusretail.x86.en-us.exe

Microsoft Office

Microsoft Corporation

This is installed with multiple programs including Microsoft Office 365 - en-us and Microsoft Office Home and Student 2013 - en-us. The file has been seen being downloaded from www.microsofthup.com and multiple other hosts.

File name:

setupproplusretail.x86.en-us.exe

Publisher:

Microsoft Corporation (signed and verified)

Product:

Microsoft Office

Description:

Microsoft Office Click-to-Run

Version:

15.0.4701.1000

MD5:

fc98c509efd4727b9def70cc8ed6f605

SHA-1:

778e9754fc942d3362eed1faf3decbf52a270fe8

SHA-256:

b98e50252ccdb6b9c17b784fe3b2af079e62832963f15cbb5c50a782f783075a

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

4/26/2024 4:24:51 PM UTC (today)

File size:

1 MB (1,075,376 bytes)

Product version:

15.0.4701.1000

Original file name:

Bootstrapper.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\setupproplusretail.x86.en-us.exe

Digital Signature

Signed by:

Microsoft Corporation

Authority:

Microsoft Corporation

Valid from:

4/22/2014 10:39:00 AM

Valid to:

7/22/2015 10:39:00 AM

Subject:

CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:

CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:

33000000CA6CD5321235C4E1550001000000CA

File PE Metadata

Compilation timestamp:

2/9/2015 11:53:54 PM

OS version:

5.2

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.10

CTPH (ssdeep):

24576:qk4rkV47WyYBc64lwJ07H0c303F0dbTua1dyI5IZN:qXru4a5KPwc30V0QeTIv

Entry address:

0x5E4B2

Entry point:

E8, 82, 53, 00, 00, E9, 81, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 52, 12, 00, 00, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, 35, CC, 12, 40, 00, 57, FF, 35, C8, 2E, 4E, 00, FF, D6, FF, 35, C4, 2E, 4E, 00, 8B, D8, 89, 5D, FC, FF, D6, 8B, F0, 3B, F3, 0F, 82, 81, 00, 00, 00, 8B, FE, 2B, FB, 8D, 47, 04, 83, F8, 04, 72, 75, 53, E8, AC, 54, 00, 00, 8B, D8, 8D, 47, 04, 59, 3B, D8, 73, 48, B8, 00, 08, 00, 00, 3B, D8, 73, 02, 8B, C3, 03, C3, 3B, C3, 72, 0F, 50, FF, 75, FC, E8, 3A, 54, 00, 00, 59, 59, 85, C0, 75, 16, 8D... 
[+]

Entropy:

6.1793

Code size:

863 KB (883,712 bytes)

The file setupproplusretail.x86.en-us.exe has been discovered within the following programs.

Microsoft Office 365 - en-us by Microsoft Corporation

Office 365 is a subscription-based online office and software plus services suite which offers access to various services and software.

www.microsoft.com

9% remove it

Microsoft Office Home and Student 2013 - en-us by Microsoft Corporation

1% remove it

The file setupproplusretail.x86.en-us.exe has been seen being distributed by the following 35 URLs.

http://www.microsofthup.com/.../unitdownloader.aspx?culture=en-US&id=g506f64303235hda80dd783b10468880124f8634250604&receipt_id=843727434&dname=O15.download.name.32

https://c2rsetup.officeapps.live.com/.../download.aspx?act=1&token=X2NB2-BWBR3-JPYW7-PGPTH-X7363&platform=x86&Source=O15HUP&version=O15GA&ProductreleaseID=ProPlusRetail&language=en-US&TaxRegion=PR

http://www.microsofthup.com/.../unitdownloader.aspx?culture=en-US&id=g506f64303234hf5c008c09a6e429eb1f1a2a4dc3c9762&receipt_id=864605471&dname=O15.download.name.32

http://www.microsofthup.com/.../unitdownloader.aspx?culture=en-GB&id=g506f64303932h10598c92435d48d2b743ff79d604b94c&receipt_id=551345797&dname=O15.download.name.32

http://www.microsofthup.com/.../unitdownloader.aspx?culture=en-US&id=g506f64303233hfe40f5b83ab44778882b19c0c8893f12&receipt_id=862644095&dname=O15.download.name.32

https://c2rsetup.officeapps.live.com/.../download.aspx?act=1&token=GN2KX-V4PR2-3WQHG-3RMYJ-WB29Q&platform=x86&Source=O15HUP&version=O15GA&ProductreleaseID=ProPlusRetail&language=en-US&TaxRegion=IR

http://www.microsofthup.com/.../unitdownloader.aspx?culture=en-US&id=g506f64303234h8bb8a42e311b4796b0f68fde817f3824&receipt_id=864282637&dname=O15.download.name.32

http://www.microsofthup.com/.../unitdownloader.aspx?culture=en-US&id=g506f64303234h97967d5416084fd1a67a4284a658f4f8&receipt_id=864731119&local_only=true&dname=O15.download.name.32

http://www.microsofthup.com/.../unitdownloader.aspx?culture=en-US&id=g506f64303234h0f24f906489849b2a0235d98257f8f49&receipt_id=864774163&local_only=true&dname=O15.download.name.32

http://www.microsofthup.com/.../unitdownloader.aspx?culture=en-US&id=g506f64303234h2f349ea059a24f109f018f6fa77075a4&receipt_id=864775383&local_only=true&dname=O15.download.name.32

http://www.microsofthup.com/.../unitdownloader.aspx?culture=en-US&id=g506f64303233h434420db2dbf4cbd8eaafb8ad2502e16&receipt_id=862897965&dname=O15.download.name.32

http://www.microsofthup.com/.../unitdownloader.aspx?culture=en-US&id=g506f64303235h7322c3dc648640218f17234b51604dde&receipt_id=843885855&local_only=true&dname=O15.download.name.32

https://c2rsetup.officeapps.live.com/.../download.aspx?TaxRegion=IR&version=O15GA&language=en-US&Source=O15HUP&ProductreleaseID=ProPlusRetail&platform=x86&act=1

https://c2rsetup.officeapps.live.com/.../download.aspx?TaxRegion=PR&language=en-US&Source=O15HUP&version=O15GA&ProductreleaseID=ProPlusRetail&platform=x86&act=1

http://www.microsofthup.com/.../unitdownloader.aspx?culture=en-CA&id=g506f64303931haf5dd0b0ad0140138aec1fc50add368d&receipt_id=476593168&local_only=true&dname=O15.download.name.32

https://c2rsetup.officeapps.live.com/.../download.aspx?act=1&language=en-US&TaxRegion=SG&Source=O15HUP&platform=x86&version=O15GA&ProductreleaseID=ProPlusRetail

http://www.microsofthup.com/.../unitdownloader.aspx?culture=en-US&id=g506f64303234hfa65decece724e8facd138f92f35468e&receipt_id=864746753&dname=O15.download.name.32

http://www.microsofthup.com/.../unitdownloader.aspx?culture=en-US&id=g506f64303235hd49dcc58265b451e9540bd478af66eba&receipt_id=843836519&local_only=true&dname=O15.download.name.32

https://c2rsetup.officeapps.live.com/.../download.aspx?act=1&language=en-US&TaxRegion=IR&Source=O15HUP&platform=x86&version=O15GA&ProductreleaseID=ProPlusRetail

http://www.microsofthup.com/.../unitdownloader.aspx?culture=en-US&id=g506f64303235h73eca19e5da44f88ae42891d442ee49b&receipt_id=843831401&dname=O15.download.name.32

http://www.microsofthup.com/.../unitdownloader.aspx?culture=en-US&id=g506f64303235h9d07d8d97ff742b78b0ac1b07fb020dc&receipt_id=843853093&dname=O15.download.name.32

https://c2rsetup.officeapps.live.com/.../download.aspx?act=1&language=en-US&TaxRegion=PR&Source=O15HUP&ProductreleaseID=ProPlusRetail&version=O15GA&platform=x86

http://www.microsofthup.com/.../unitdownloader.aspx?culture=en-US&id=g506f64303233h33250f0dd49d4f5c913380c09d715464&receipt_id=862907846&dname=O15.download.name.32

http://www.microsofthup.com/.../unitdownloader.aspx?culture=en-GB&id=g506f64303931h1483877388254740b5fbcff1fb9f4d22&receipt_id=476612761&dname=O15.download.name.32

https://c2rsetup.officeapps.live.com/.../download.aspx?act=1&token=GPDRW-K3NX3-6Q86J-239C9-P343D&platform=x86&Source=O15HUP&version=O15GA&ProductreleaseID=ProPlusRetail&language=en-US&TaxRegion=PR

http://www.microsofthup.com/.../unitdownloader.aspx?culture=en-US&id=g506f64303235h2063b193579d4cac915773550ad6725e&receipt_id=843854954&local_only=true&dname=O15.download.name.32

https://c2rsetup.officeapps.live.com/.../download.aspx?act=1&token=DQKYN-HHWQR-QPW2V-92CWD-489KQ&platform=x86&Source=O15HUP&version=O15GA&ProductreleaseID=ProPlusRetail&language=en-US&TaxRegion=PR

http://www.microsofthup.com/.../unitdownloader.aspx?culture=en-US&id=g506f64303235h8b10c941bb264b27985fbfe3fad6dda1&receipt_id=843827206&local_only=true&dname=O15.download.name.32

http://www.microsofthup.com/.../unitdownloader.aspx?culture=en-US&id=g506f64303234hb5e89dd668c74b328f8898993969c13c&receipt_id=864384655&dname=O15.download.name.32

http://www.microsofthup.com/.../unitdownloader.aspx?culture=en-US&id=g506f64303235h8e7c48d9de9a497bbfa2ddc82895d413&receipt_id=843832564&local_only=true&dname=O15.download.name.32

Latest 30 of 35 download URLs

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.