openoffice - chip-downloader.exe

OCSClient

CHIP Digital GmbH

The application openoffice - chip-downloader.exe, “CHIP Secured Installer” by CHIP Digital GmbH, has been detected as a potentially unwanted program by 25 anti-malware scanners. The program is a setup application that uses the Covus installer. The installer is marketed through download portals and search ads as the free Apache OpenOffice, but it also installs additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
CHIP Digital GmbH  (signed and verified)

Product:
OCSClient

Description:
CHIP Secured Installer

Version:
7.00

MD5:
cb95ab01bb9b0cb9672f9b594c15b4b5

SHA-1:
1e179b66307d00ff2ab63f157c85402ad6a9425e

SHA-256:
bef7c6e4a9f82edc63c5220b068f0a822e7d0a41c52d71cb351cf0e0dbb1fa75

Scanner detections:
25 / 68

Status:
Potentially unwanted

Explanation:
May bundle various unwanted software without adequate user consent.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/24/2024 3:50:51 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | APPL/Downloader.Gen | 7.11.189.208 |
| AVG | Could be an adware MultiBundle.dropper | 2017.0.2833 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | TrojWare.Win32.VB.HEFF | 20026 |
| Dr.Web | Adware.Downware.10859, Adware.Downware.2124 | 9.0.1.046 |
| ESET NOD32 | Win32/DownloadSponsor.C potentially unwanted application | 10.7.0.302.0 |
| Fortinet FortiGate | Riskware/Generic.AC.72309 | 2/15/2016 |
| F-Prot | W32/A-9c782153 | v6.4.7.1.166 |
| G Data | Win32.Application.OCSClient | 16.2.24 |
| K7 AntiVirus | Unwanted-Program | 13.186.14210 |
| Kaspersky | not-a-virus:Downloader.Win32.OCSBundle | 14.0.0.658 |
| Malwarebytes | PUP.Optional.DownloadSponsor | v2016.02.15.10 |
| McAfee | Artemis!07D32E786E2A | 5600.6489 |
| NANO AntiVirus | Trojan.Win32.Downware.dkkmcy | 0.28.6.64267 |
| nProtect | Trojan/W32.Staser.613200 | 15.01.23.01 |
| Panda Antivirus | Trj/Genetic.gen | 16.02.15.10 |
| Qihoo 360 Security | Malware.QVM06.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.ChipDigital.Bundler.Covus.Installer.Meta (M) | 16.2.15.10 |
| Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.16213 |
| Sophos | Generic PUA DB | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Dropper | 9322 |
| Total Defense | Win32/SillyDl.SRPeCJB | 37.1.62.1 |
| Vba32 AntiVirus | Downware.VB.AndreClient | 3.12.26.0 |
| Zillya! Antivirus | Trojan.Staser.Win32.2460 | 2.0.0.1997 |

File size:
598.8 KB (613,200 bytes)

Product version:
7.00

Copyright:
Copyright © 2014 Chip Digital GmbH

Original file name:
ocsclient.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Covus

Language:
English (United States)

Common path:
C:\users\{user}\downloads\openoffice - chip-downloader.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
2/25/2014 1:00:00 AM

Valid to:
2/26/2015 12:59:59 AM

Subject:
CN=CHIP Digital GmbH, O=CHIP Digital GmbH, L=Muenchen, S=Bayern, C=DE

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0D160B8252A4F0A16FE1255FA0A22E2B

File PE Metadata
Compilation timestamp:
1/15/2014 3:02:34 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:7KWlw1DxDlASIAfCEv2YUMNJlaJuNlK17Y4c83fhysVufBn597NX2F:77lw1DxJ5zfXeYU43fiysgfBnnl2F

Entry address:
0x1620

Entry point:
68, 08, F6, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 6C, 51, CB, CF, 4C, 39, 05, 47, 9B, A7, 1A, 8F, 7C, 78, 87, FE, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 2D, 43, 30, 30, 30, 2D, 4F, 43, 53, 43, 6C, 69, 65, 6E, 74, 00, 34, 36, 7D, 23, 32, 2E, 00, 00, 00, 00, FF, CC, 31, 00, 03, 76, 0F, D7, 04, EA, F7, DC, 4B, 85, 6D, 25, A8, 40, C8, C5, 30, F6, 07, 2C, 55, A5, 90, CA, 4A, A7, 78, 6F, 37, 88, E2, A6, 56, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
96 KB (98,304 bytes)
