home

openoffice_setup.exe

SetupManager.exe

Optimum Installer

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application openoffice_setup.exe, “OpenOffice Setup ” by Optimum Installer has been detected as adware by 27 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. The installer is marketed through download protals and search ads as the free Apache OpenOffice but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
SetupManager  (signed by Optimum Installer)

Product:
SetupManager.exe

Description:
OpenOffice Setup

Version:
3.4.8

MD5:
ae2638c5917b82ae524892921f57311f

SHA-1:
fa5ed847d2a0f4e505f88d97f63581a68a1fa1a3

SHA-256:
45c832f0620aaa95bfdd861eb286c3a1124f03fab128b111bcdb5ea16a908d18

Scanner detections:
27 / 68

Status:
Adware

Explanation:
This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
1/13/2025 12:03:53 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Adware.Agent
7.1.1

AhnLab V3 Security
Adware/Win32.IBryte
2014.09.02

Avira AntiVirus
ADWARE/Adware.Gen7
7.11.170.136

avast!
Win32:Installer-J [PUP]
2014.9-160204

AVG
Adware Generic5
2017.0.2844

Clam AntiVirus
WIN.Adware.Ibryte-128
0.98/19318

Comodo Security
ApplicUnwnt.Win32.AdWare.iBryte.H
19398

Dr.Web
Adware.Downware.1144
9.0.1.035

ESET NOD32
Win32/Adware.iBryte.G application
10.7.0.302.0

Fortinet FortiGate
Riskware/IBryte
2/4/2016

F-Prot
W32/Ibryte.C.gen
v6.4.6.5.141

G Data
Win32.Adware.Ibryte
16.2.24

IKARUS anti.virus
PUA.OptInstall
t3scan.1.7.5.0

K7 AntiVirus
Unwanted-Program
13.183.13230

Kaspersky
not-a-virus:AdWare.Win32.Agent
14.0.0.714

Malwarebytes
PUP.Optional.Ibryte
v2016.02.04.02

McAfee
Adware-FOO
5600.6500

NANO AntiVirus
Trojan.Win32.Downware.csryeu
0.28.2.61942

Norman
Agent.ASWDM
11.20160204

nProtect
Trojan-Clicker/W32.Agent.788264
14.09.02.01

Qihoo 360 Security
Malware.QVM10.Gen
1.0.0.1015

Reason Heuristics
PUP.Adknowledge.OptimumInstaller.Installer (M)
16.2.4.2

Rising Antivirus
PE:Malware.Agent!6.1033
23.00.65.16202

Sophos
iBryte Optimum Installer
4.98

Vba32 AntiVirus
SScope.Adware.OptimusInstaller.26607
3.12.26.3

VIPRE Antivirus
Threat.4778314
32210

Zillya! Antivirus
Adware.Agent.Win32.8136
2.0.0.1908

File size:
851.8 KB (872,232 bytes)

Product version:
3.4.8

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\openoffice_setup.exe

Digital Signature
Signed by:
Optimum Installer

Authority:
VeriSign, Inc.

Valid from:
10/11/2012 2:00:00 AM

Valid to:
11/8/2013 12:59:59 AM

Subject:
CN=Optimum Installer, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Optimum Installer, L=Kansas City, S=Missouri, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7C5F27B776ADBBB7943F700066A490BF

File PE Metadata
Compilation timestamp:
5/10/2013 1:07:15 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:bI/UVgZXGDyqRiLiPO7GxMvD4cwlby3/NAGm5GQcuRUdwUUOs78N00V0PEfTXwsM:bI1dlNmcMUdwUUO0IV0orw5QJHXxGrPV

Entry address:
0x54DF2

Entry point:
E8, 14, E1, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 8D, E1, 00, 00, 83, C4, 14, 5D, C3, FF, 35, 6C, CD, 4A, 00, E8, A9, 4C, 00, 00, 59, 85, C0, 74, 02, FF, D0, 6A, 19, E8, 62, AE, 00, 00, 6A, 01, 6A, 00, E8, 8C, E4, 00, 00, 83, C4, 0C, E9, 6D, E3, 00, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 66, 8B, 08, 40, 40, 66, 85, C9, 75, F6, 2B, 45, 08, D1, F8, 48, 5D, C3, 8B, FF, 55, 8B, EC, 8B, 55, 08, 53, 56, 57, 33, FF, 3B, D7, 74, 07, 8B, 5D, 0C, 3B...
 
[+]

Code size:
466.5 KB (477,696 bytes)

The file openoffice_setup.exe has been seen being distributed by the following URL.

http://install.downloadster.net/o/.../OpenOffice_Setup.exe

Remove openoffice_setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.