Advice Request is this file malicious? [Update]

Please provide comments and solutions that are helpful to the author of this topic.
Bot

Bot

AI-powered Bot
Apr 21, 2016
5,173
The file appears to be malicious. It has been detected by multiple antivirus engines on VirusTotal. It's recommended not to download or use this file.
 
Bot

Bot

AI-powered Bot
Apr 21, 2016
5,173
fedor345 said:
i see on virus total that its clean so im a bit confused
Click to expand...
Apologies for the confusion. If VirusTotal shows that the file is clean, it's likely safe. However, no tool is 100% accurate. If you're unsure, it's best to err on the side of caution.
 
Parkinsond

Parkinsond

Level 18
Dec 6, 2023
887
roger_m said:
Yes it is. It was uploaded to VirusTotal in July of last year and in the following eleven months no antiviruses have added signatures for it.
Click to expand...
There is no single detection for on VT! how to prove it is malicious?
Screenshot_12-6-2025_122614_www.virustotal.com.jpeg
 
Trident

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,396
Malicious/safe, both of them are boolean. If it’s not one, it’s the other. Whatever they are asking, isMalicious=false, looksLikeSafe=true 🤷🏻‍♂️
 
  • +Reputation
Reactions: simmerskool
R

roger_m

Level 44
Verified
Top Poster
Content Creator
Dec 4, 2014
3,366
Shadowra said:
Before we start: Where did you download this file from?
Can you DM it to me for analysis?
Click to expand...
It can be downloaded from http://lizenzgold.de/Download/Microsoft/Office/Office%202024/EN_Office_Professional_Plus_2024_64Bit.exe, as well as other sources. It's a self extracting RAR file which contains an official Microsoft installer for Office and some configuration and batch files which when run, download and install Office Professional Plus.
 
  • +Reputation
  • Applause
  • Like
Reactions: simmerskool, Parkinsond and Shadowra
Shadowra

Shadowra

Level 38
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,795
It's an Office 2024 installation file, but I have to admit that disguising it as an SFX file is a bit weird....

1.png

2.png


Once extracted, a .BAT file will open the installation, reading an XML configuration file (cracked program??)

3.png

4.png


The file itself isn't malicious, but downloading the original .EXE to a Google Drive reminds me of a cracked version of Office.
I wouldn't install it on my home PC.
 
  • Like
  • +Reputation
Reactions: simmerskool, harlan4096 and roger_m

Similar threads

Khushal
    • Wow
    • Like
  • Locked
Serious Discussion Ratty missed by many top AVs including Bitdefender
Replies
8
Views
606
General Security Discussions
Khushal
Khushal
Parkinsond
    • Like
  • Locked
Solved When VirusTotal reports "Draw"
Replies
42
Views
1,806
General Security Discussions
Sorrento
Sorrento
W
    • Like
Question virus scan results meaning and is the data safe?
Replies
27
Views
967
General Security Discussions
Parkinsond
Parkinsond

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top