openoffice_rc1.exe

AccuInstall

The application openoffice_rc1.exe by AccuInstall has been detected as adware by 7 anti-malware scanners. It uses the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions. The file has been seen being downloaded from www.downloadbin.com.

Publisher:
AccuInstall  (signed and verified)

MD5:
bc04a11f5d8829896abcc8212806aa79

SHA-1:
27f78dfa80c464df3ed8ec898ae37ea20b27b7df

SHA-256:
7065c146d8c3475918ebf949ebd67a50dc21969a48e509abddeb3600638a0191

Scanner detections:
7 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software, which may include extensions such as DealPly and various toolbars.

Analysis date:
11/15/2024 12:05:10 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | | 7.11.57.50 |
| ESET NOD32 | Win32/InstallCore.AG (variant) | 8.7892 |
| F-Prot | W32/InstallCore.G.gen | v6.4.6.5.141 |
| K7 AntiVirus | Unwanted-Program | 13.158.8108 |
| Reason Heuristics | PUP.AccuInstall.O | 14.12.11.23 |
| Trend Micro House Call | TROJ_GEN.F47V0828 | 7.2.285 |
| Vba32 AntiVirus | Malware-Cryptor.InstallCore.9 | 3.12.18.4 |

File size:
1 MB (1,082,552 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\openoffice_rc1.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
11/6/2011 7:00:00 PM

Valid to:
11/6/2013 6:59:59 PM

Subject:
CN=AccuInstall, O=AccuInstall, STREET=2360 Corporate Circle, STREET=Suite 400, L=Henderson, S=NV, PostalCode=89074, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C7A24A726209072AC474B795FA0984AA

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:mFa0CDIu68DAGcHi8DkkLvbKlZjlv8rRbO4ZejdZ7sn7KzN284u:PZkkjcvkkLjKlZjlv8rpiZY7EN2Du

Entry address:
0xCA590

Entry point:
55, 8B, EC, 83, C4, F0, B8, 08, 22, 40, 00, E8, C0, E8, FF, FF, 40, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, C0, 00, 00, 00, 00, 00, 00, 46, 78, 11, 40, 00, 08, 00, 00, 00, 00, 00, 00, 00, F0, 11, 40, 00, 84, 11, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, F0, 11, 40, 00, 0C, 00, 00, 00, B4, 10, 40, 00, 64, 37, 40, 00, F0, 5F, 40, 00, FC, 5F, 40, 00, 78, 37, 40, 00, 6C, 37, 40, 00, 0C, 60, 40, 00, D0, 34, 40, 00, 0C, 35, 40, 00, 11, 54...
 

Entropy:
6.9580

Developed / compiled with:
Microsoft Visual C++

Code size:
826 KB (845,824 bytes)

The file openoffice_rc1.exe has been seen being distributed by the following URL.
