Integrator.exe
- File Path: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
- Description: Microsoft Office Click-to-Run Integrator
Hashes
| Type | Hash |
|---|---|
| MD5 | 97489994609008F48AA7BED0D8DA3828 |
| SHA1 | 4DEA935BFD8F23151D5CC6AAD9B1983ED7891CC3 |
| SHA256 | 9949299E32613FC679B3B6B6B07DE7530576A744FECDA757DB5F05CA70F4395D |
| SHA384 | 655DC0C439E82E25CC1922141DADF08B115665698191F9FC21C13B3BB5CB3B65E69B15CC71E090308A70AF84CCDF378F |
| SHA512 | B6A35A255FAA241464BAB343B957D6A89AFE6EC8662EC43A2BCDC4268CF5B81CA31EC2217BED9A6C7D66110B74462C4D55CC92D592E49984E8749AB03F4057DC |
| SSDEEP | 98304:2QjcJxbyJdUSMyGG0/Uu245KUlKgBe4Z/SaZpXyvoL:dcfy8SMiEUugt4divy |
| IMP | 5E510FA114C88D212F7C6CAE0528C9F4 |
| PESHA1 | 59F35F40D78403067E802CE03609C4F52E5E024C |
| PE256 | 68BB5F0956761EF5F95EEACEC8E5A8BDB31FD4BEACBBB11E9AF53182335DA618 |
Runtime Data
Usage (stdout):
```
Usage:
Integrator.exe [/I | /U | /C | /R | /T] [/Extension /Msi /License] [/Global | /User] [/C2R | /AppV] PackageGUID={GUID} PackageRoot=<Path> <name>=<value>
Modes:
  /I - Publish
  /U - Unpublish
  /C - Clean
  /R - Repair
  /T - Test
Actions:
  /Extension - Custom Extensions
  /Msi - Msi
  /License - License
Scopes:
  /Global - Global publishing (Default)
  /User - User mode publishing
Scenario:
  /C2R - Click-To-Run (Default)
  /AppV - Click-To-Run through App-V
Properties:
  PackageGUID={GUID} - Package GUID
  PackageRoot=<Path> - Package Root
  MsiName=<Msi1>,<Msi2> - Comma seperated list of Msi Names
  <name>=<value> - additional list of name value pairs
  /? - Help
```
Loaded Modules:
| Path |
|---|
| C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe |
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\System32\wow64.dll |
| C:\Windows\System32\wow64cpu.dll |
| C:\Windows\System32\wow64win.dll |
Signature
- Status: Signature verified.
- Serial: 33000002CE7C9ACE7D905ED2B70000000002CE
- Thumbprint: B10607FB914700B40F794610850C1DE0A21566C1
- Issuer: CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: Integrator.exe
- Product Name: Microsoft Office
- Company Name: Microsoft Corporation
- File Version: 16.0.12527.20470
- Product Version: 16.0.12527.20470
- Language: Language Neutral
- Legal Copyright:
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: 0/71
- VirusTotal Link: https://www.virustotal.com/gui/file/9949299e32613fc679b3b6b6b07de7530576a744fecda757db5f05ca70f4395d/detection/
Possible Misuse
The following table contains possible examples of Integrator.exe being misused. While Integrator.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| sigma | registry_event_asep_reg_keys_modification_common.yml | - 'C:\Program Files (x86)\Microsoft Office\root\integration\integrator.exe' | DRL 1.0 |
| sigma | registry_event_asep_reg_keys_modification_currentversion.yml | - 'C:\Program Files (x86)\Microsoft Office\root\integration\integrator.exe' | DRL 1.0 |
| sigma | registry_event_asep_reg_keys_modification_currentversion_nt.yml | - 'C:\Program Files\Microsoft Office\root\integration\integrator.exe' | DRL 1.0 |
| sigma | registry_event_asep_reg_keys_modification_currentversion_nt.yml | - 'C:\Program Files (x86)\Microsoft Office\root\integration\integrator.exe' | DRL 1.0 |
| sigma | registry_event_asep_reg_keys_modification_wow6432node.yml | - 'C:\Program Files\Microsoft Office\root\integration\integrator.exe' | DRL 1.0 |
| sigma | registry_event_asep_reg_keys_modification_wow6432node.yml | - 'C:\Program Files (x86)\Microsoft Office\root\integration\integrator.exe' | DRL 1.0 |
| sigma | registry_event_office_vsto_persistence.yml | - '\integrator.exe' | DRL 1.0 |
| sigma | registry_event_removal_com_hijacking_registry_key.yml | Image: 'C:\Program Files (x86)\Microsoft Office\root\integration\integrator.exe' | DRL 1.0 |
MIT License. Copyright (c) 2020-2021 Strontic.