home

microsoft-powerpoint-14.0.4760.1000.exe

Microsoft PowerPoint 2010

The application microsoft-powerpoint-14.0.4760.1000.exe has been detected as a potentially unwanted program by 6 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from powerpoint1404.joydownload.pl.
Product:
Microsoft PowerPoint 2010

Version:
1.0.0.0

MD5:
1eb398232de9fd2e9283e247f0dcb9ce

SHA-1:
b461baeadff65576693ab96d637c690acbc683c9

SHA-256:
ec5080de65609dc6c7c02ed62e42ca708f8619c397deaae8e42e120d7fd43d09

Scanner detections:
6 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
6/22/2025 9:15:19 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.Downware.10304
9.0.1.05190

Emsisoft Anti-Malware
Gen:Trojan.Heur.zu3@xOiXPEki
11.5.0.6191

ESET NOD32
Win32/OpenCandy.A potentially unsafe application
7.0.302.0

Kaspersky
not-a-virus:AdWare.Win32.OpenCandy
15.0.0.562

Norman
Gen:Trojan.Heur.zu3@xOiXPEki
02.04.2016 17:35:19

Reason Heuristics
PUP.OpenCandy.Installer (L)
16.5.19.7

File size:
412.7 KB (422,600 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\microsoft-powerpoint-14.0.4760.1000.exe

File PE Metadata
Compilation timestamp:
5/20/2013 1:53:00 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:2iuhJl43jPU3jGuy2evFHpsFCWZX7uNEdxmES:iblljG28eFg40

Entry address:
0x331C

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 30, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, BC, 70, 40, 00, 55, FF, 15, AC, 72, 40, 00, 6A, 08, A3, 98, 92, 42, 00, E8, A8, 2E, 00, 00, A3, E4, 91, 42, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, 90, 06, 42, 00, FF, 15, 7C, 71, 40, 00, 68, 7C, 93, 40, 00, 68, E0, 81, 42, 00, E8, 13, 2B, 00, 00, FF, 15, 34, 71, 40, 00, BB, 00, 40, 43, 00, 50, 53, E8, 01, 2B, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
24 KB (24,576 bytes)

The file microsoft-powerpoint-14.0.4760.1000.exe has been seen being distributed by the following URL.

http://powerpoint1404.joydownload.pl/get_azure_file/wUiS4WnYccXEwj /.../NXK8ykYMayDMR7juXfdr0bIjzseZDR7RoGitTgao4SX7ivHRqsvT0mlIq4dp2gFQXzWtCDRnl8Q79WjwWWmLAOUI2syiPTENergxLh0KOr38FXB8ctyIf08wh LuFCw3eYbz1OgwHGL5uF7Fjqk1WMeve4GkbHhWzZzkTqt73EJDqZW90h tLOoqznLiHs5Z8MelR37vs4 RmiwgeeMLEJY2enUhuvDjWQhqzRyx3c9FASeiDAv5scy7m1twfGDP 2AW18vSMGCjBkvfguggKhD7livQDhhyMCQLSNbq0AID

Remove microsoft-powerpoint-14.0.4760.1000.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.