home

openoffice-4-0-1.exe

OCSClient

CHIP Digital GmbH

The application openoffice-4-0-1.exe by CHIP Digital GmbH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Chip Digital OCSClient installer. The installer is marketed through download protals and search ads as the free Apache OpenOffice but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
CHIP Digital GmbH  (signed and verified)

Product:
OCSClient

Version:
1.00

MD5:
3e1cb3367a1651c95a5d7e8c9bf13197

SHA-1:
e08230a75fa76e7cd31ba8c14f0cd44c96438257

SHA-256:
19ded5ce3f7b93c024b11a4d67f6dd0c3b4d8392c8aa7f853c1725d98f183792

Scanner detections:
1 / 68

Status:
Potentially unwanted

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
5/8/2024 8:22:03 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Win32.Generic
16.1.31.7

File size:
600.4 KB (614,792 bytes)

Product version:
1.00

Original file name:
ocsclient.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Chip Digital OCSClient

Language:
English (United States)

Common path:
C:\users\{user}\downloads\openoffice-4-0-1.exe

Digital Signature
Signed by:
CHIP Digital GmbH

Authority:
COMODO CA Limited

Valid from:
1/7/2014 7:00:00 PM

Valid to:
1/8/2015 6:59:59 PM

Subject:
CN=CHIP Digital GmbH, O=CHIP Digital GmbH, STREET=St.-Martin-Str. 66, L=Munich, S=Bavaria, PostalCode=81541, C=DE

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F0BAAB0E388698D0A2DD8D584AF69876

File PE Metadata
Compilation timestamp:
11/27/2013 7:28:37 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:vKWlw1Dx+tASQFfCEv2YUMNJlaJuNlK17Y4c83fhysVufBn597NX2:v7lw1Dxq5QFfXeYU43fiysgfBnnl2

Entry address:
0x1620

Entry point:
68, 08, F6, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, EF, 4E, 90, D9, AA, 0A, CD, 43, 91, 50, 46, 79, E4, 37, D4, 82, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 4F, 43, 53, 43, 6C, 69, 65, 6E, 74, 00, 6E, 64, 72, 65, 5C, 44, 00, 00, 00, 00, FF, CC, 31, 00, 03, 23, 5A, 55, 3A, 3C, E0, 07, 47, B3, 35, 82, 3C, 05, 78, AE, A7, 47, FF, BF, 0B, 62, DE, 67, 44, A8, 40, C9, 76, C0, F9, 23, 95, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 
[+]

Entropy:
6.0868

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
96 KB (98,304 bytes)

Remove openoffice-4-0-1.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.