download-apache_openoffice_4.1.1_win_x86_install_en-us.exe

Covus Pro GmbH

The application download-apache_openoffice_4.1.1_win_x86_install_en-us.exe by Covus Pro GmbH has been detected as adware by 4 anti-malware scanners. The program is a setup application that uses the Covus installer. The installer is marketed through download portals and search ads as the free Apache OpenOffice, but it also installs additional software offers, which include adware, PUPs and browser toolbars. The file has been seen being downloaded from loadion.com.
Publisher:
Covus Pro GmbH  (signed and verified)

MD5:
2cf62815551326f20a725a77644cf9f9

SHA-1:
7a54472e47a580f8ffcd402b2ef30145360106bc

SHA-256:
3bd3992cf5e040c200de19d82c7c4fca1daaa290be65cb6850c407f6aed63383

Scanner detections:
4 / 68

Status:
Adware

Explanation:
Includes bundled offers in the installer/download manager that include adware components such as Best-markit and Search Protect (ClientConnect).

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/5/2024 10:26:19 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | PUA/DownloadGuide.Gen | 7.11.216.52
Reason Heuristics | PUP.Bundler.Covus | 15.3.11.13
VIPRE Antivirus | Threat.4150696 | 38050

File size:
363.3 KB (372,056 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Covus (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\download-apache_openoffice_4.1.1_win_x86_install_en-us.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
3/11/2015 2:39:38 PM

Valid to:
2/23/2016 2:53:38 PM

Subject:
CN=Covus Pro GmbH, O=Covus Pro GmbH, L=Berlin, C=DE

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00B62BB34DE8E3FE56

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:nQqXRNj4FfyhQU3jIDMppZ9VcbLie/AeNH9uzhRXp7eFTpQFF8kvlQy:BRN0uQU3iKPe4EH9uFQTmmUQy

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file download-apache_openoffice_4.1.1_win_x86_install_en-us.exe has been seen being distributed by the following URL.