download-apache_openoffice_4.1.1_win_x86_install_en-us.exe

Covus Pro GmbH

The application download-apache_openoffice_4.1.1_win_x86_install_en-us.exe by Covus Pro GmbH has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the Covus installer. The installer is marketed through download portals and search ads as the free Apache OpenOffice, but it will also install additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
Covus Pro GmbH  (signed and verified)

MD5:
48a87aea1fd117dc622ae4c4e5d06d3f

SHA-1:
6a3fdf075d7aef6030d90bf6249911e86bd51eb1

SHA-256:
e64ea71c74ba9bc59c229a8d0e56f15d3b3540d8cf1d40a8f2fdf136538c17c9

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Includes bundled offers in the installer/download manager that include adware components such as Best-markit and Search Protect (ClientConnect).

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/5/2024 10:14:30 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
PUA/DownloadGuide.Gen
3.6.1.96

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Adware.Downware.10328
9.0.1.0168

ESET NOD32
Win32/DownloadGuide.E potentially unwanted
9.11524

herdProtect (fuzzy)
2015.6.17.22

K7 AntiVirus
Unwanted-Program
13.203.15693

Kaspersky
not-a-virus:Downloader.Win32.DownloadHelper
14.0.0.1870

NANO AntiVirus
Trojan.Nsis.DownloadHelper.dqgttx
0.30.20.1219

Reason Heuristics
PUP.Bundler.Covus
15.3.11.13

VIPRE Antivirus
Threat.4150696
39354

Zillya! Antivirus
Downloader.DownloadHelper.Win32.61
2.0.0.2149

File size:
363.3 KB (372,056 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Covus (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\download-apache_openoffice_4.1.1_win_x86_install_en-us.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
3/11/2015 2:39:38 PM

Valid to:
2/23/2016 2:53:38 PM

Subject:
CN=Covus Pro GmbH, O=Covus Pro GmbH, L=Berlin, C=DE

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00B62BB34DE8E3FE56

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:mQqXRNj4FfyhQU3jIDMppZ9VcbLie/AeNH9uzhRXp7eFTpQFF8kvlQz8:aRN0uQU3iKPe4EH9uFQTmmUQg

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)