openofficecalc-setup.exe

Download Admin

This is the Tightrope WebInstall which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application openofficecalc-setup.exe by Download Admin has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the Tightrope WebInstall installer. The installer is marketed through download protals and search ads as the free Apache OpenOffice but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
Download Admin  (signed and verified)

MD5:
6055c27eacf4705e41fffd4c6874d5b6

SHA-1:
52b5607f99ef004239897b1bd1ed072abd8fd296

SHA-256:
2ab21f939391f7fab124ae1b6d486ff788246beea441c20d64022f5b36381ad3

Scanner detections:
9 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/24/2024 6:25:10 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.Downware.2220
9.0.1.076

ESET NOD32
Win32/DownloadAdmin
8.9554

Malwarebytes
PUP.Optional.DownloadAdmin
v2014.03.17.11

NANO AntiVirus
Trojan.Win32.Downware.crgjbr
0.28.0.58491

Reason Heuristics
PUP.Installer.DownloadAdmin.U
14.8.7.20

Rising Antivirus
PE:Malware.XPACK/RDM!5.1
23.00.65.14315

Sophos
Download Admin
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-Artemis
10721

VIPRE Antivirus
DownloadAdmin
27490

File size:
731.9 KB (749,504 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Tightrope WebInstall (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\openofficecalc-setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/19/2013 8:00:00 PM

Valid to:
5/29/2016 7:59:59 PM

Subject:
CN=Download Admin, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Download Admin, L=SAN FRANCISCO, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2EEB247A8F9D63D74CE7EF9551E3D401

File PE Metadata
Compilation timestamp:
6/22/2012 2:07:51 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:qxpJu7vR2NeOwceBPj7VJgmMqNAxZgqkPmgyvv4e+MyN69qds3VPa1HVhk/:Wp473Ox07R3qNTwtM4ndsFCfhC

Entry address:
0x333B

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, B0, 73, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, C0, 70, 40, 00, 53, FF, 15, 88, 72, 40, 00, 6A, 08, A3, B8, 3C, 42, 00, E8, 2C, 25, 00, 00, 53, 68, 60, 01, 00, 00, A3, C0, 3B, 42, 00, 8D, 44, 24, 38, 50, 53, 68, 43, 74, 40, 00, FF, 15, 64, 71, 40, 00, 68, 38, 74, 40, 00, 68, C0, 33, 42, 00, E8, 1D, 24, 00, 00, FF, 15, BC, 70, 40, 00, 50, BF, 00, 90, 42, 00, 57, E8, 0B, 24, 00, 00...
 
[+]

Entropy:
7.3993

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

Remove openofficecalc-setup.exe - Powered by Reason Core Security