» microsoft-office-2007.exe
Overview
Analysis
File Details
Downloads (1)

microsoft-office-2007.exe

OCSClient

CHIP Digital GmbH

The application microsoft-office-2007.exe, “CHIP Secured Installer” by CHIP Digital GmbH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Covus installer. The file has been seen being downloaded from secure.download-sponsor.de.

File name:

Publisher:

CHIP Digital GmbH (signed and verified)

Product:

OCSClient

Description:

CHIP Secured Installer

Version:

7.00

MD5:

12a7171ee4833f225088e15ff27d09c8

SHA-1:

0717a62bf09816c91cd9e1b3049e4637b0f9c848

SHA-256:

f648b1e5fd4bcb644fe63953aed59baedfa4efb8bcd4cff38988a3c2a46006a3

Scanner detections:

1 / 68

Status:

Potentially unwanted

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

4/19/2024 7:14:52 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.ChipDigital.Bundler (M)

16.8.4.13

File size:

938.8 KB (961,360 bytes)

Product version:

7.00

Original file name:

ocsclient.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Covus

Language:

German (Germany)

Common path:

C:\users\{user}\downloads\microsoft-office-2007.exe

Digital Signature

Signed by:

CHIP Digital GmbH

Authority:

Thawte, Inc.

Valid from:

2/25/2014 1:00:00 AM

Valid to:

2/26/2015 12:59:59 AM

Subject:

CN=CHIP Digital GmbH, O=CHIP Digital GmbH, L=Muenchen, S=Bayern, C=DE

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

0D160B8252A4F0A16FE1255FA0A22E2B

File PE Metadata

Compilation timestamp:

7/8/2014 4:40:40 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:V7lw1DxvNXeGQpnmSsR87RAie/kRRU7AAysgfBnnl2h:V7m1DjXeB7RAiej7AAysgpnnch

Entry address:

0x1684

Entry point:

68, 74, F6, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, BE, 94, 86, 5E, 78, 67, 9E, 43, 9D, C2, E8, 8B, A9, F8, 76, C0, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 4F, 43, 53, 43, 6C, 69, 65, 6E, 74, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 03, 16, 1A, 2D, BC, FF, 5E, B7, 44, B2, 06, 38, F4, C1, 21, 31, 3B, C7, 14, 1B, 51, 28, 94, 81, 40, 89, 85, 2C, 1A, 60, AA, 65, 86, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00... 
[+]

Developed / compiled with:

Microsoft Visual Basic v5.0

Code size:

100 KB (102,400 bytes)

The file microsoft-office-2007.exe has been seen being distributed by the following URL.

https://secure.download-sponsor.de/?lastchange=1165014000&pid=dhtechradar&cid=129&camps=&campsel=&euid=148a54a9f8c36e7dcdb960e7&utm_source=undefined&utm_medium=undefined&utm_campaign=undefined&source=

Remove microsoft-office-2007.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.