apache_openoffice_4.1.1_win_x86_install_pl.exe

The executable apache_openoffice_4.1.1_win_x86_install_pl.exe has been detected as malware by 1 anti-virus scanner. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from s5954.chomikuj.pl and multiple other hosts.
MD5:
7f54df99bfe2e4f29ad210117a8e3ce1

SHA-1:
e6d225dff8b21ca76952a72c4ecf699b391e7255

SHA-256:
ac8aa60665df11e56c677490760edfa742e55ffd449c3e69df031e3a8bf25dfe

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/25/2024 1:41:13 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
(M)
16.6.6.23

File size:
125.5 MB (131,579,802 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\apache_openoffice_4.1.1_win_x86_install_pl.exe

File PE Metadata
Compilation timestamp:
2/24/2012 8:20:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3145728:9nq1/YkV6tkuM+gROm4zvS1Pph+2Rpg+OKAKM:qYBtJg+SlPplOK8

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
29 KB (29,696 bytes)

The file apache_openoffice_4.1.1_win_x86_install_pl.exe has been seen being distributed by the following 50 URLs.

http://s5954.chomikuj.pl/File.aspx?e=kso-WyvlgDSGkGVEqbTrkbJ-8v1B1h7hYAjDJ66jgRAcIzxr3ANV-foGN85P7_w-aT6Ku_5V0seUl2a3RGvPy9mdltEhxgO1a1TqdNtIX23MfBsHNQGzKMeDKspUR4dBDiZhDNgp6T50mUyE73O0eAViDUKGZLVFg9By5K_5Qbh53x_5I7CJwO8CB-gmrtZN&pv=2

http://www.bytesendclear.com/WPw_pE34la3hgIiCh2i_A52DBL8jiE2yZCkL3ctJ7xz HjllixIS1d_8L1Fvb07Cs34PidNWmIlmm6YAlIqLLlRQ0QBhfnoJzcBk2Uzu5SVYEUh3mqBBf1QdEeuP7a6y nfA1WTL02QwV5dM2sAnezp2wJhwlM2aZbxP9ShsQYyFSTkApqtvz8I0HvLSdxgX5odufUW6JyU8blWh3wNFOkWhGffl_h4If5FMsrdsHXVZMv_CuDbyGEdNzZZK0tE0YpgV kLZUc4xkU7yLz81k8pwEJ3V2pyjaE 2FhRcLLMyY6lVeQXVozFT5nQIzegBKWZXY7goeXpigOM5_gTmQPDDfxaNpkdDYekf5Pdxg45lgqyTnlJ5VFZFIqYDLpMstzXBR7DruKQiHaXDF hpMmiGQF2VBEzTAZkYsLUsGciXrjIBeAyadivbGO5ybuVfcb n_gEDER1vPPUG9Q_x QKmDBY 7as1SLEfO545AJzuEzycViun E0BAag5aKJ0dKYtldeXlJnIVPb1ZeQKMwINVidlrOkuYbHg9i8l2S88x2fMa WCqkVPOVOLFbyINKcMdBd9AthBhbuqAA83EgQoaAfTiQ==-G20AAOTpFhMQ8m0m38zsZ8r AWM6vWMcONw62CILzTLR4JCjgx3akjSuMRoJ4j4YntxNR_crF8akTd_0vSY3pspD5Vl6f0IluN1yhNgjj081CkiIifIL

temp:Apache_OpenOffice_4.1.1_Win_x86_install_pl (1).exe

http://www.bytesendclear.com/O 3TWRsHt6L5y_shtrDWb8t1MpV6okTarM 01C84_vZ1jXmrj7JyJeEpLeFPhdQ9ONN0smudQTRaIsjRbwYfnycvm2zK9dUanamqPkwQ4gEXIyYqjGyYqSsVOsd11cud11RdQ fIMPffyPGyzqdiPmtzWUTh4SJaD6UqsdjTPj0Qee63mwdhkZqXCSuy61K3tDEFlTdJl0pHzD_Zj0rOBcOe7Sz3dSribLd_ckvF6f7xvAadWW7MuBzNaTXnM35ZuRmp5qEFwsM9mZp8lFMYUS5y_ufSwOxTZSWdaer3 9OSpuW7Ni3ndqdL7dvbUlarsspTdcRRGa_YEKWwXV3 WLoh5eaOmpkGs CmxFADNvUryfQCGr60Zun5jBDt4x1mY4FCJXTQ9wtYiVpmgIuFHsOLOldP_loZVxQK_0PB3SsM7cTOAmF4BHAgODPumz 2Xyl0BycibD8EAV8DPu2rtfZocrilGgrh6SgKxEHtSFTUQTE9h5TwJx6Pqn0UOIkJaV5NWlXa5db1eTGn 1RnIFGvvRhcJM4SoGtrTMErlNRSZxxh8wNpsE5QaZUju2wVD tzZ _xUiBaaP6Gz9nPBxFKwjf8YQYTPDzmDeAyk7x9zdXY3ro=-G20AAOTpFhMQ8m0m38zsZ8r AWM6vWMcONw62CILzTLR4JCjgx3akjSuMRoJ4j4YntxNR_crF8akTd_0vSY3pspD5Vl6f0IluN1yhNgjj081CkiIifIL-E

http://s5954.chomikuj.pl/File.aspx?e=kso-WyvlgDSGkGVEqbTrkWHy6b6BcWhuKW_bczp7K8wR8u4dtdKYZGoLEFrJyTsHt4WuQ7eSF1s5Ac56_DcaLA8w2z6ayNUOpbWt2xe526Eov5EG1V1QSbMJTiCQW1WX4d3DPFRZT0r3XiJP1J7mb942KPNjieB60XzWw1mJJPMw0pnN8eOcmOfPTBvUSk3W8vuylhdEWMtwLuQif21-dQ&pv=2

http://s5954.chomikuj.pl/File.aspx?e=kso-WyvlgDSGkGVEqbTrkWHy6b6BcWhuKW_bczp7K8xoU8uw-kMktJAkBrNgwWX6YGsD4x7s0Iq8UlQDhXxTe9beIO8LUKhjBYdvLif57-_edLYfftC5t5tFlzVyZlYzc3KCiPHwm_eW5mJetCu9bzNEYhJ6rlX_Ygme_nyrkz10ekA4aR1miJ-GU3CjGO5F3C2DXHweJkb16K7nPtb8vQ&pv=2

http://s5954.chomikuj.pl/File.aspx?e=kso-WyvlgDSGkGVEqbTrkWHy6b6BcWhuKW_bczp7K8xFTsG1rBT3l6pEVI8OVVPVP6KbX9AqK0uEIdjXPrVWXaSFsltIcQLWuOpzk18Es8JK4Vy_Yr5vKpmYjyvJ8dT7AG-AR6v-ccwVw14Sr3zJMrmubz2qNXNE7ROX0kWwBvTIw9DNFx96QCY3ib5Oa-CJwIAko2hzQrMRBaDkZBB2dQ&pv=2

http://dpcdn-s05.pl/.../Apache_OpenOffice_4.1.1_Win_x86_install_pl.exe

http://www.bytesendclear.com/igAigjamFV8vB1lk0AQkkB_8udB4QdppGQ9FKA1ur6Q_cw2A9wGq5x0bGKI3e14haANTrHrPUlvGBdjKDBnXZVCDRHwuPP32xI1H3qx7DDPu73l7L4O8SzSMKPHAZPALcy6iFZoHBs5fsVp72SYHBay5eHwsNtYecyPieMxnUye5zg0_9TJGrkQSKeqxg8ZowrwFS6wziClcfsZzCdaAE0DQBZvRltCTeMIOooyUGEJvznnv4_Hdh0_haRB04IB9dLYM fr MFbaOoFlqYDoQZc9hf18YuaYQgJNKPbLyiUKZUswvWSd9hqDqUXi1gc8swQv6CTLcw8ExHguEzewJxgmvsgfVbV_WrvqY_dYrVJNcCsn_xXl_xo7FOCAMXM38_fG_YNuM2u8OIKckT7rwqH1M6MQ8XAfJFuSN_BY269ypCwl1N4gmCPpaBtmMRlo7b3S _0g7NsE7GC7TK3_zZdguOXLLSCvQ0Q1_iVH6VlhbqGDQTmTvN geUU2SnFupxZDnoDCq5Bu5stPLW_lJYcdHuRsvomHHDfQ88LdIpS0Z36WkFrqTI1867OHGUjLzwdyFqjA0hR1OKlS C7IlcRzpaAbyX20VyjJiDtcCxfdBB UCJxVmgbqYhSK39N3Bspf3zv1-G20AAOTpFhMQ8m0m38zsZ8r AWM6vWMcONw62CILzTLR4JCjgx3akjSuMRoJ4j4YntxNR_crF8akTd_0vSY3pspD5Vl6f0IluN1yhNgjj081CkiIifIL-E

http://s5954.chomikuj.pl/File.aspx?e=kso-WyvlgDSGkGVEqbTrkbJ-8v1B1h7hYAjDJ66jgRA3XcEiex0q7Dpd15rvg_KGefzRxDdg9tP6K91jjggmWaczAQotu6kcrQWRPIJY-Ub2thfpihL9xE-Q5-ljE334ldSIPWnmqBL4Li_itey6Jq64JdstUZ5FmJ8wpVOPwFbClx1R_aW3XFw6o2RTNSg5&pv=2

http://s5954.chomikuj.pl/File.aspx?e=kso-WyvlgDSGkGVEqbTrkbJ-8v1B1h7hYAjDJ66jgRC-7XUVuyWVQDRnYnzf-BBCkod1wXpTfUZOcokCr-uhFFrZ1-L8SeBPrOJ35R5XwM_XXgmt8vX-GmawUHdBJ1mn7P12YAYzoiKxlidQrCI68MN879FPUMj7UbR_2IpHmij-glqhQ9tCVBcvkU-Smu9z&pv=2

http://www.bytesendclear.com/H5_IRgha_SWmrjqkQBWhWHyIFJSHOk3tRZv6eKLIpYxfobnwdCEDTGXB0awEjF7RtGym3NHwHicXzqQDJ_wAH1bu11VUTmwNuxWx8Y RCUgM F2aJftwJ_xYx912Gv3 vDOBqFPAlNE0iAF0qXmfXjGvu3sz4VBdL2jOMh31WQPZDx8GK8kGTmUx hbnOQqp737Hy8Z783YR35jJtpEnceFvGwr8feqHT0ZMATp_gA8c87fxh4IQg5zcxBCD6BGCNMb6hWb6otQKwFLdKcujJllPzSsRlUS4YjsmqEXcdiEipr9mGEq4buNkNv2OhnXr59O1CeaOJiWGt GrkmJx_E_mKPNiew0fIBmFOcsYpkHGhW 3 SRwggZCWQOgMoKfnUuVGGok59ZFEAMwsVCyDS1qvMluYHdjdQ644ABrm1vx4FzZ1hc6JaFb8xC5m4dUywjVBl9AcIiB6KAzz33a4lo641UPx7X0pILzlnhKbu31BUBBFgkc1jypPi0ehlhT_3A7jIBEwl6cK tBi7KYLfBfeWrQpJLcrwTwpMorRJEk3QLH_69n5yYIbwWvdmhOXrHY6nKXDTBzVfqlDpznHMZnXtwimZaDnICpwqCcfkE_1iCzfUo=-G20AAOTpFhMQ8m0m38zsZ8r AWM6vWMcONw62CILzTLR4JCjgx3akjSuMRoJ4j4YntxNR_crF8akTd_0vSY3pspD5Vl6f0IluN1yhNgjj081CkiIifIL-E

http://s5954.chomikuj.pl/File.aspx?e=kso-WyvlgDSGkGVEqbTrkbJ-8v1B1h7hYAjDJ66jgRDcB0nMOnZko3zcQMQxqvMJnNYMfhJBhusAZ8VVcVd_7CI5pbu0ub_y2--I1y5rUdM5A9vjvUOgp-rr_RTb3qbtvLeJBjVNY5yQv1iJ-UMljZXLW-AnSRS--65DH40WqX4ogKlgD_bsRpT2QV3wOM45&pv=2

http://s5954.chomikuj.pl/File.aspx?e=kso-WyvlgDSGkGVEqbTrkbJ-8v1B1h7hYAjDJ66jgRCM1Yiibkb0OjVcacrxPexJ8YQunoKsD4Fd9_cdVdxucdGuh7ggLYFcnSLL4xIfi3xF0aVvr8zjPsmPfQTcqyvpnSLTduHzFGBunwt8if9fXgWmnlzE9boTQrFRLdCVuzjGusJ3cG8vILoKwHRd3JKN&pv=2

http://www.bytesendclear.com/FqgjXSmwz28nnEesD3VHxy3eW4M9UHM7ToiYNNLcYrQpt6MIeadcyf4ecB2U4YSIdwQYN_ReK9NpMiB 2D 1QsDfVxmCC81Xi5UNTXkEo0799IVRRgWLThpw tnaEGafjpLv5jtlvH9jEzTmIDxpgIC6FguWo88WvhvrSZzLN2sqz8MdpiPcT2yMuz6MMP8q5 mqmXdyW91NsIzOMfk4culGgiCeeePBzaGslTYojkW60FEszKDVJbLpHr801Zzyd7ezGXLMGvTRtLqgQgdYxZVL7ypW3O36hRHgrQsMM5wZiPtNzMTM4tLrLo1YoRvZeD0T0iNfzqSxE82Q8Icg_McWHA3nj25YgHsl0Ej8ppsJC0rojJS1 6RraGRTgF7KfMoah5ruHVzd_zwh Vd4sTNR2OPd1pt71Zm4lsbUeyQe paqfKkrPbqqapnrMF4JXTx78Zoe8FjE4RbntHi n4kH7QawUKrc0Pn6TUTo8Hd PlUjyNjhMYqEiHXPqgsl_BMAU9uctZ3Ot7pjcBtWYLJqyDNvV9hI7Kwqi4OCmUHkL4kb_F7aPzKgNK_YL89QZKYpqfLwq9 S9gOrVtYXX85UyvbppA==-G20AAOTpFhMQ8m0m38zsZ8r AWM6vWMcONw62CILzTLR4JCjgx3akjSuMRoJ4j4YntxNR_crF8akTd_0vSY3pspD5Vl6f0IluN1yhNgjj081CkiIifIL

http://www.bytesendclear.com/Uhb1hfCVPPGNoBWRweJ4tk1efPeKFIo5mzw97OWzqZ43BqoP3s7Z3VQBp f6aYtDePH5MUBlfsSHzFFD3j1HtdHmSPMc31CZDYySlUxVRXwiJzva5vLvqezs60d1nKlou3XDFmFJMHANkEjO bqjQ46Ol SN5rVxaESoH3_DtUGYc6 H0hcSky8ppmKYd_sdppXAYKRRZwUz71qGU3WYeq6xN3sSAYH4O2sL9TOxhes26gqyuMFE4dIz1uoQVEDtgh37s5FWDrU6_92MtXmvrAvZWCEiz7QOM_a74 v2FTpiGpAT6Qv3ZXNK8jctnV33dWHriTT2hDiOlJepKsyfrc69HERcOJicq9zl4DAds_N0WUpDf0creStromHZK9bjnATEdNIZVvMkXQgLkecXsmEqLBms9jPDS7Q q3TiQxzNm6ls7ERSSYedxK_1TgSUUgzHYbgOhaTod9VWb11 zxDN56AgzSaaUpPCXtLSAnS2k6jY2n8O4_TkMiQOUy1F0lrKY4H5PtBA0N5u_2USlUjqBgAng7xlWPDwHyeSbHk2_3kCx7YZWhR8Rn xYKnR1JmvFsZ_aU509rPv6sMXssjw3tcRxg9dlalIrLXpNUDhxKlGkAU=-G20AAOTpFhMQ8m0m38zsZ8r AWM6vWMcONw62CILzTLR4JCjgx3akjSuMRoJ4j4YntxNR_crF8akTd_0vSY3pspD5Vl6f0IluN1yhNgjj081CkiIifIL-E

http://s5954.chomikuj.pl/File.aspx?e=kso-WyvlgDSGkGVEqbTrkbJ-8v1B1h7hYAjDJ66jgRCsgov3PJvcjZH-wDNFh7aPw_u2GCbUMEBa9X_D87rKgmFE-kYQK0LXKpYpfvlpJ_BUhejMN_gymccYOgMnqrILOk2xcSPHBgVFhFoH6uIKU_umad6AIaFHZ0BNuPh9swA9-IkVLodglFcE_YJMjzP9&pv=2

http://s5954.chomikuj.pl/File.aspx?e=kso-WyvlgDSGkGVEqbTrkbJ-8v1B1h7hYAjDJ66jgRAG4QrL9n-XBwLPvYhaCnhatagBgLCsZOS_mDbzEr9XySaBDy9BKXY8EK1ofQRyRhly5FPKskTgkSqobqzJ0-vKXVsshvb4hTkJBfi4VotldtFEf78UWHF0qUAN7WlePVitO7jVWJFuCr-uu3izb7XW&pv=2

http://www.bytesendclear.com/c?x=jKnojJiHoa3uQm6W1qHM/jkHnWB2f9RUMmNJ/c5KfCY=&e=1&c=LCyzqndVnc8bVvvisUIaoOFFBb5EhJQa90ncn0vjhBXEuzv1gg331GN15a acyhni5smes sMBujrR0drPbYVj GIpSu7aHlNwv3im6G9OoQuGKsX8ftIwJ8yqpTWXsx43Gqab8gu5Z/dpknVXMzzA6zWWVQfWRqn3CQT13NGHY=&fallback_url=http://files-download.poradnikdogry.pl/BiuroIPraca/PakietyBiurowe/.../OOo_Win_x86_install-wJRE_pl.exe&downloadAs=OpenOffice.org 3.3.0.exe

http://www.bytesendclear.com/c?x=hiYk1dLzUBjVUcY/DdhZBiRDzQ1UkeJFe1xH bK3kVE=&e=1&c=cQO j4uXQnAkgsp74Xd7uAR0pySSuaGMPM X03OkT3nN cCAIjyoFb8yiCHfDNanEDB33VhciSOILqnzMCCV60nje4ZW4YY7o2im4M5BUULuXXjCGni/e8SP48zE2Ap4njYs0 r0PgyP1sR5U8p2 PA3Hq2q Q 0tzA1saaUS4E=&fallback_url=http://files-download.poradnikdogry.pl/BiuroIPraca/PakietyBiurowe/.../Apache-OpenOffice-pl.exe&downloadAs=Apache OpenOffice 4.1.2.exe

Latest 30 of 85 download URLs