openoffice.exe

Secure Installer

The application openoffice.exe by Secure Installer has been detected as a potentially unwanted program by 7 anti-malware scanners. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from downloader.downloadster.org a known adware distribution point operated by Downloadster.
Publisher:
Secure Installer  (signed and verified)

MD5:
0a5804242e4c093e6b5670ccb45bcfd5

SHA-1:
3011375a9571f736b29126c634ee56b153a3e00d

SHA-256:
37cdee8588dd498452ffb25adc79a22948f2d2dc7d13e0b9d4e5810712a1f032

Scanner detections:
7 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/26/2024 12:26:46 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Trojan.Crossrider1.49350
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Strictor.97895
11.5.0.6191

ESET NOD32
Win32/InstallCore.AZ potentially unwanted application
8.0.319.0

F-Prot
W32/InstallCore.S.gen
4.6.5.141

F-Secure
Variant.Strictor.97895
5.15.96

Norman
Gen:Variant.Strictor.97895
19.05.2016 01:04:49

Reason Heuristics
PUP.installCore.SecureIn (M)
16.6.12.3

File size:
1.2 MB (1,216,648 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\openoffice.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
9/25/2012 12:00:00 AM

Valid to:
9/25/2013 11:59:59 PM

Subject:
CN=Secure Installer, O=Secure Installer, STREET=720 Market Street, STREET=5th floor, L=San Francisco, S=CA, PostalCode=94102, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C3507C1ADDE6B4C52E5426990F85CA2B

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:cy/qOYzf9CvtlAi23Xx9C/ldiT9sOHUghT/lOhWIO4HpB:cem9Cvterhj9sRg99OARQ

Entry address:
0xD8780

Entry point:
55, 8B, EC, 83, C4, F0, B8, 64, 6D, 41, 00, E8, 5D, D7, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.7150

Developed / compiled with:
Microsoft Visual C++

Code size:
877.5 KB (898,560 bytes)

The file openoffice.exe has been seen being distributed by the following URL.

Remove openoffice.exe - Powered by Reason Core Security