openofficesuite-us-setup-organic.exe

Golden Banners

The application openofficesuite-us-setup-organic.exe by Golden Banners has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Tomorrow Software Installer. The installer is marketed through download portals and search ads as the free Apache OpenOffice but will also install additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
Golden Banners  (signed and verified)

Product:
Golden Banners

Version:
97.3.4.344

MD5:
26b6b02ff2a7dda6f4396a6594c33216

SHA-1:
1e4f924f886443e5a95155072677ba3bef4cfcf2

SHA-256:
ee74982200717821f5a0bbd4f6b3c5777624a868d0e8aeb924100f3b8218748c

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/5/2024 12:43:53 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.TomorrowSoftware.GoldenBanners.Bundler (M)

Engine version:
15.12.7.8

File size:
1 MB (1,049,528 bytes)

Product version:
97.3.4.344

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Tomorrow Software Installer

Language:
English (United States)

Common path:
C:\users\{user}\downloads\openofficesuite-us-setup-organic.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
11/20/2015 4:06:39 PM

Valid to:
9/10/2016 1:39:55 PM

Subject:
CN=Golden Banners, O=Golden Banners, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
75D13BFBB761BE47

File PE Metadata
Compilation timestamp:
11/11/2014 7:28:30 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:3v2bDvwFxBGNf/IvhCNOyyrpG+zlE1UHNHb531Sn0h9N:DxCuCNxy8xmHNHl1c0hz

Entry address:
0x460A

Entry point:
E8, 71, 98, 00, 00, E9, 90, 90, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, AC, 57, 41, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 04, 68, 44, 3A, 41, 00, 6A, 00, 50, E8, AF, 14, 00, 00, 83, C4, 0C, B8, 01, 00, 00, 00, C3, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 04, 85, C0, 74, 06, A1, 6C, F1, 40, 00, C3, 8B, 4C, 24, 04, 85, C9, 74, 06, A1, 70, F1, 40, 00, C3, 8B, 54, 24, 04, 85, D2, 74, 06, A1, 74, F1, 40, 00, C3, 8B, 44, 24, 04, 85, C0, 74, 06, A1, 78, F1, 40, 00, C3, 8B, 4C...
Entropy:
7.9751  (probably packed)

Code size:
54 KB (55,296 bytes)
