apache_openoffice_4.1.1_win_x86_install_en-us.exe

OpenOffice

RICH MEDIA SYSTEMS INC.

The application apache_openoffice_4.1.1_win_x86_install_en-us.exe by RICH MEDIA SYSTEMS INC has been detected as a potentially unwanted program by 21 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software, including ad/search-supported toolbars. The file has been seen being downloaded from openoffice.1800download.com and multiple other hosts.
Publisher:
RICH MEDIA SYSTEMS INC.  (signed and verified)

Product:
OpenOffice

Version:
1.0.0.0

MD5:
7ccd61d90ea4e9a414aebf275bfb2a67

SHA-1:
5d4496602dcbcc8689469ea3cd77c018f5ade33a

SHA-256:
1429b951b56e469ab78d62c2e1180278df641efefbb38e2e0d28f4c274d0445a

Scanner detections:
21 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
5/16/2025 8:04:22 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Malware-gen | 2014.9-150321 |
| AVG | OpenCandy | 2016.0.3163 |
| Clam AntiVirus | Win.Trojan.Agent-855157 | 0.98/21511 |
| Dr.Web | Adware.Downware.10304 | 9.0.1.080 |
| ESET NOD32 | Win32/OpenCandy.C potentially unsafe (variant) | 9.11351 |
| G Data | Win32.Adware.OpenCandy | 15.3.25 |
| K7 AntiVirus | Trojan | 13.202.15327 |
| Malwarebytes | PUP.Optional.OpenCandy | v2015.03.21.10 |
| McAfee | Artemis!7CCD61D90EA4 | 5600.6819 |
| Reason Heuristics | PUP.Installer.RICHMEDIASYSTEMS | 15.5.8.23 |
| Trend Micro House Call | Suspicious_GEN.F47V0313 | 7.2.80 |
| VIPRE Antivirus | Trojan.Win32.Generic | 38600 |

File size:
418.1 KB (428,096 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\apache_openoffice_4.1.1_win_x86_install_en-us.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
2/17/2015 10:00:00 AM

Valid to:
2/18/2016 9:59:59 AM

Subject:
CN=RICH MEDIA SYSTEMS INC., O=RICH MEDIA SYSTEMS INC., L=HENDERSON, S=Nevada, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
3F87144C25AF8BCF29F29C5A1FEEF4BA

File PE Metadata
Compilation timestamp:
5/20/2013 9:53:00 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:tiu9CP/fUr/ShC9wGXYXFoFK2uUXIrpFnILPe:X9CP/MzSY9wGX7uUYrpFnILG

Entry address:
0x331C

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 30, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, BC, 70, 40, 00, 55, FF, 15, AC, 72, 40, 00, 6A, 08, A3, 98, 92, 42, 00, E8, A8, 2E, 00, 00, A3, E4, 91, 42, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, 90, 06, 42, 00, FF, 15, 7C, 71, 40, 00, 68, 7C, 93, 40, 00, 68, E0, 81, 42, 00, E8, 13, 2B, 00, 00, FF, 15, 34, 71, 40, 00, BB, 00, 40, 43, 00, 50, 53, E8, 01, 2B, 00, 00...
 

Entropy:
7.8461

Packer / compiler:
Nullsoft install system v2.x

Code size:
24 KB (24,576 bytes)

The file apache_openoffice_4.1.1_win_x86_install_en-us.exe has been seen being distributed by the following 6 URLs.

http://openoffice.1800download.com/get_azure_file/wUiS4WnYccXAwj 1RrjxCgghkkVxZmbzR1 xcteQv A8/zyn9np5iNEMJ1Xka6n3fHm/ykYYazeeEKqtGr8lxr9yz4WXAQaDqXCkWBO1qnD8gfbbvNjZmXFA4p8ziUcEDSK1AX1/ksk7/Cn7U2ueUrcfwsTrJXRePKs5dhIOO6S0XHx1apuGZkJg2bPvSywkfIf01Ok9Cmu4uRnFmPV UsvhJdClLHtY1suvTKl1zEVAgte92AanOPwsxHnJB9Fc8MbUBCC33NmYnEN5OfUHFNhhVip9rafkA08p2wS7lNdGGT6lQh/.../m1obCnvY