» openoffice.exe
Overview
Analysis
File Details
Downloads (1)

openoffice.exe

Secure Installer

The application openoffice.exe by Secure Installer has been detected as a potentially unwanted program by 7 anti-malware scanners. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from downloader.downloadster.org a known adware distribution point operated by Downloadster.

File name:

openoffice.exe

Publisher:

Secure Installer (signed and verified)

MD5:

0a5804242e4c093e6b5670ccb45bcfd5

SHA-1:

3011375a9571f736b29126c634ee56b153a3e00d

SHA-256:

37cdee8588dd498452ffb25adc79a22948f2d2dc7d13e0b9d4e5810712a1f032

Scanner detections:

7 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

11/23/2024 12:27:04 PM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Trojan.Crossrider1.49350

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Strictor.97895

11.5.0.6191

ESET NOD32

Win32/InstallCore.AZ potentially unwanted application

8.0.319.0

F-Prot

W32/InstallCore.S.gen

4.6.5.141

F-Secure

Variant.Strictor.97895

5.15.96

Norman

Gen:Variant.Strictor.97895

19.05.2016 01:04:49

Reason Heuristics

PUP.installCore.SecureIn (M)

16.6.12.3

File size:

1.2 MB (1,216,648 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\openoffice.exe

Digital Signature

Signed by:

Secure Installer

Authority:

COMODO CA Limited

Valid from:

9/25/2012 12:00:00 AM

Valid to:

9/25/2013 11:59:59 PM

Subject:

CN=Secure Installer, O=Secure Installer, STREET=720 Market Street, STREET=5th floor, L=San Francisco, S=CA, PostalCode=94102, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00C3507C1ADDE6B4C52E5426990F85CA2B

File PE Metadata

Compilation timestamp:

6/19/1992 11:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:cy/qOYzf9CvtlAi23Xx9C/ldiT9sOHUghT/lOhWIO4HpB:cem9Cvterhj9sRg99OARQ

Entry address:

0xD8780

Entry point:

55, 8B, EC, 83, C4, F0, B8, 64, 6D, 41, 00, E8, 5D, D7, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.7150

Developed / compiled with:

Microsoft Visual C++

Code size:

877.5 KB (898,560 bytes)

The file openoffice.exe has been seen being distributed by the following URL.

http://downloader.downloadster.org/.../writer.php?kw=download microsoftword&type=writer&subid=DSTWIR&cust= download microsoftword&gclid=CLjtzdSyp7UCFYKL4QodPD8AmQ&utm_campaign=DSTWIR&fwd=1

Remove openoffice.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.