pobierz_openoffice_v4.1.1.exe

Generic program

New Software S.C. Marek Lubas, Mateusz Ponikowski

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application pobierz_openoffice_v4.1.1.exe, “Generic program Setup ” by New Software S.C. Marek Lubas, Mateusz Ponikowski has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The installer is marketed through download protals and search ads as the free Apache OpenOffice but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
Application   (signed by New Software S.C. Marek Lubas, Mateusz Ponikowski)

Product:
Generic program

Description:
Generic program Setup

MD5:
d0e151d37641b538018b6c082846b6ba

SHA-1:
e4852140155c338fccb7f575fdcebf98c11a065b

SHA-256:
d34f08e9a0e6c5b2c570411475e29e25414b8fd6342090abe4efed437588f3d4

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/25/2024 3:32:49 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.installCore.NewSoftwareMarekLubasMateuszPonikowski.Installer (M)
15.12.19.0

File size:
725.7 KB (743,120 bytes)

Product version:
5.2

Copyright:
Internet

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\pobierz_openoffice_v4.1.1.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/5/2014 1:06:32 AM

Valid to:
12/6/2015 1:06:32 AM

Subject:
CN="New Software S.C. Marek Lubas, Mateusz Ponikowski", O="New Software S.C. Marek Lubas, Mateusz Ponikowski", L=Zielona Gora, C=PL

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11210A98EE121710AB952C9AABC56B37F5DC

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:6DxaYaDZYgunLIOrg34yiNDVz9liaPSbk2UQF:6DxtGyguhrRyiNDVzzZPUk29F

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Entropy:
7.8346

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file pobierz_openoffice_v4.1.1.exe has been seen being distributed by the following 10 URLs.

http://cdn.instalkigetitquickdownload.com/c?x=WASwAZvpv2k0DuuYvlqunZSgLmL7t4PsVj4s 6GOj9U=&c=dc8Wx wgfFYpfjKc0c2oRvVEloMZS9dqX0T6CN3kq456jf/kO5rVUqT WKcE BlVgCkko1p73oaJWoPZ5EVP3g==&downloadAs=pobierz_Openoffice_V4.1.1.exe&fallback_url=http://.../

Remove pobierz_openoffice_v4.1.1.exe - Powered by Reason Core Security