home

SOFFICE.EXE

Apache Software Foundation

This is a setup program which is used to install the application. The file has been seen being downloaded from republique.anjou.e-lyco.fr and multiple other hosts.
Publisher:
Apache Software Foundation

Description:
OpenOffice 4.1.1

Version:
4.00.9774

MD5:
3c69a38aca535d234f6f51f11d8a8208

SHA-1:
8e53bc5c3ff14f7fc090d05f0d0bdffc3de9c1ee

SHA-256:
22edf38d67b2d2c25d42b974adef28b21391037bd8040d03085df6498b159973

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
6/17/2024 11:10:42 AM UTC  (today)

File size:
9.4 MB (9,837,056 bytes)

Product version:
4.00.9774

Copyright:
Copyright © 2000-2013 by Apache Software Foundation

Original file name:
SOFFICE.EXE

File type:
Executable application (Win32 EXE)

Language:
German (Germany)

Common path:
C:\Program Files\openoffice 4\program\soffice.exe

File PE Metadata
Compilation timestamp:
7/29/2014 12:40:00 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
196608:l4adWhxSd/FUpoWyKAozKY4TPLKAoSKn:ljdWxu/mpodKACXCzKAfY

Entry address:
0x25C2

Entry point:
E8, DD, 04, 00, 00, E9, D8, FC, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 48, 41, 40, 00, 89, 0D, 44, 41, 40, 00, 89, 15, 40, 41, 40, 00, 89, 1D, 3C, 41, 40, 00, 89, 35, 38, 41, 40, 00, 89, 3D, 34, 41, 40, 00, 66, 8C, 15, 60, 41, 40, 00, 66, 8C, 0D, 54, 41, 40, 00, 66, 8C, 1D, 30, 41, 40, 00, 66, 8C, 05, 2C, 41, 40, 00, 66, 8C, 25, 28, 41, 40, 00, 66, 8C, 2D, 24, 41, 40, 00, 9C, 8F, 05, 58, 41, 40, 00, 8B, 45, 00, A3, 4C, 41, 40, 00, 8B, 45, 04, A3, 50, 41, 40, 00, 8D, 45, 08, A3, 5C, 41, 40...
 
[+]

Code size:
7.5 KB (7,680 bytes)

The file SOFFICE.EXE has been seen being distributed by the following 13 URLs.

http://republique.anjou.e-lyco.fr/lectureFichierGlobale.do?ID_FICHIER=2020328

https://webmail1d.orange.fr/webmail/fr_FR/.../Download.html?CHECK_ATTACHEMENT=TRUE&NAME=soffice.exe

https://ent77.seine-et-marne.fr/conversation/message/b08a06b9-adb2-41fe-9abd-e3edc2b91325/.../bf65380a-e45d-4087-86a9-16820fd60f3d

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-5LmL9WP0RhnDaKMciFdGO38fUDC6akPYz2N6SCSirnAkaTduPacBSUbKLBmf16V_Gl2LEeEb8L4Fd0GBJs5fOA/messages/@.id==AOp2w0MAC-9HWCqHHQPv0JM8zy4/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=923c703a-e164-f161-019d-44002a010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBbsFnBENMzCeUp8rA4VFm6CURVrZ4i7K7EnuJQT-MPu5dojg8wmGFvqVwfw3PT0YkDhBLnz2bZQufgc5_eQwIX-&error=https://mg.mail.yahoo.com/.../iframemsg?id=f3eb6166-1f59-6358-358e-d4804f8a3143

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-lM8PgtmPSsf6mFlGVN9yPKHR0IzFb1eUTcAXU94NBMGZiH4sXVd3MlXV4Ly1Ihkq/messages/@.id==AA93w0MAAsD1V1pviwP7iEcvskU/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=2b768798-3511-f515-0161-5b0050010000&token=_gM4-C-TZX4rSmVHxObJ2BgY8BK8PKj_gbVRpNx0-5WID5MeGqrPXbj3ryIqNYdDOstHGQ2SvOzuBlPC52QM-g&error=https://mg.mail.yahoo.com/.../iframemsg?id=36512544-6718-83f6-c5a6-08e91243d440

https://webmail.laposte.net/service/home/.../?auth=co&loc=fr&id=35008&part=2

https://3c-bs.gmx.co.uk/mail/client/attachment/download/.../;jsessionid=FD8C46F9458302A1CE5E2964797F619B-n2.bs13a

http://zalacznik.wp.pl/0/.../soffice.exe

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-WNsEK726w2K0f5M9n-nUIuyJf7fWPtksmGj8q4jJ-2tystQ5MZOSULo94CqMBfTbGH4nkLovJSeSm65J69qU1w/messages/@.id==ACjsw0MAAALUVtTwvA6SeDTu_MI/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=72f69149-b5f5-dece-01d4-160008010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBa58DkzluRCtutF4Inx3fWthDkl2XRrH0DbT3I1eJbbtQ&error=https://br-mg6.mail.yahoo.com/.../iframemsg?id=17cf03b9-620f-297d-4b14-7ad4c55b50e4

http://poczta.onet.pl/download.html?kid=31745141

http://mail.voila.fr/webmail/fr_FR/download/.../OUTBOX

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==MjkyNzMzOTc1OTQ2MTI1ODUgMTY0NjUzIDE2NDYgd29vbGlubjFAeWFob28uY29t/messages/@.id==AGx2w0MAAEvmVn6riwczwK2TaUU/content/parts/.../raw?appid=YahooMailNeo&token=6y4Aqeys1_VC5VUKofY6jFPcxNfPIkdkrkKH5d9iWUADbeKwpP8s75MUqs9w4se76F676llwJijNHGM9Rx73ng&ymreqid=7163b7e0-abe1-11e5-c000-92d5271d0679

https://mail.aol.com/.../getPart?uid=30162921&partId=2&saveAs=soffice.exe

Scan SOFFICE.EXE - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.