openoffice_setup.exe

TODO:

iBryte

This adware bundler is distributed through Adknowledge's advertising-supported software managers. The application openoffice_setup.exe, “OpenOffice” by iBryte, has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Adknowledge Fusion installer. Users of this installer expect to download the free Apache OpenOffice, but before that happens they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
iBryte  (signed and verified)

Product:
TODO: <Product name>

Description:
OpenOffice

Version:
1.0.0.1

MD5:
305bf5f14e8b5951c174d0e3f90a3c1c

SHA-1:
c84b57159b8255d643f6c93130daf3f8117e3ae3

SHA-256:
5c8bd567fff9de142f849f486e0e2736533d346263e9337dfd305754de45f277

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This installer bundles various adware programs that may include toolbars and web browser advertising injectors/extensions.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/27/2024 6:25:38 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Adknowledge (M)

Engine version:
17.3.2.3

File size:
682.7 KB (699,056 bytes)

Product version:
1.0.0.1

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\openoffice_setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/16/2010 9:00:00 PM

Valid to:
6/16/2012 8:59:59 PM

Subject:
CN=iBryte, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=iBryte, L=New Castle County, S=Delaware, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5B2B3E2D634718E9BD4D41725481BAF3

File PE Metadata
Compilation timestamp:
9/16/2011 11:04:49 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x60EBA

Entry point:
E8, A7, E9, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, 8B, 4D, 08, 53, 8B, 5D, 0C, 56, 57, 33, FF, 89, 4D, F8, 89, 5D, FC, 39, 7D, 10, 74, 21, 39, 7D, 14, 74, 1C, 3B, CF, 75, 1F, E8, 13, 09, 00, 00, 57, 57, 57, 57, C7, 00, 16, 00, 00, 00, 57, E8, 83, D8, FF, FF, 83, C4, 14, 33, C0, 5F, 5E, 5B, C9, C3, 8B, 75, 18, 3B, F7, 74, 0D, 83, C8, FF, 33, D2, F7, 75, 10, 39, 45, 14, 76, 21, 83, FB, FF, 74, 0B, 53, 57, 51, E8, 45, C9, FF, FF, 83, C4, 0C, 3B, F7, 74, B9, 83, C8, FF, 33, D2, F7, 75, 10...
 

Entropy:
6.3842

Code size:
507.5 KB (519,680 bytes)
