home

openoffice - chip-downloader.exe

OCSClient

CHIP Digital GmbH

The application openoffice - chip-downloader.exe, “CHIP Secured Installer” by CHIP Digital GmbH has been detected as a potentially unwanted program by 10 anti-malware scanners. The program is a setup application that uses the Covus installer. With this installer, users are expecting to download the free Apache OpenOffice but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
CHIP Digital GmbH  (signed and verified)

Product:
OCSClient

Description:
CHIP Secured Installer

Version:
7.00

MD5:
f2f504709b3bcaf6d7bd27494ef30905

SHA-1:
3763f61e85a1004e8f2f172244505fc137be7614

SHA-256:
f4f5246ddf44418ebcaaf8b6a45681c93a731ad0ab6dd58ed7bb7a99e12d0d4d

Scanner detections:
10 / 68

Status:
Potentially unwanted

Explanation:
May bundle various unwanted software without adequate user consent.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/25/2024 12:30:51 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

Avira AntiVirus
APPL/Downloader.Gen
7.11.186.196

AVG
Could be an adware MultiBundle.dropper
2014.0.4189

Dr.Web
Adware.Downware.2124
9.0.1.05190

ESET NOD32
Win32/DownloadSponsor.A potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/Generic.AC.72309
11/17/2014

Kaspersky
Trojan.Win32.Staser
15.0.0.494

Rising Antivirus
PE:Malware.XPACK-HIE/Heur!1.9C48
23.00.65.141115

SUPERAntiSpyware
Adware.Downware/Variant
10232

Vba32 AntiVirus
Downware.VB.AndreClient
3.12.26.3

File size:
600.4 KB (614,792 bytes)

Product version:
7.00

Copyright:
Copyright © 2014 Chip Digital GmbH

Original file name:
ocsclient.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Covus

Language:
English (United States)

Common path:
C:\users\{user}\downloads\openoffice - chip-downloader.exe

Digital Signature
Signed by:
CHIP Digital GmbH

Authority:
COMODO CA Limited

Valid from:
1/8/2014 1:00:00 AM

Valid to:
1/9/2015 12:59:59 AM

Subject:
CN=CHIP Digital GmbH, O=CHIP Digital GmbH, STREET=St.-Martin-Str. 66, L=Munich, S=Bavaria, PostalCode=81541, C=DE

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F0BAAB0E388698D0A2DD8D584AF69876

File PE Metadata
Compilation timestamp:
1/15/2014 3:02:34 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:6KWlw1DxDOASIAfCEv2YUMNJlaJuNlK17Y4c83fhysVufBn597NX2:67lw1Dx65zfXeYU43fiysgfBnnl2

Entry address:
0x1620

Entry point:
68, 08, F6, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 6C, 51, CB, CF, 4C, 39, 05, 47, 9B, A7, 1A, 8F, 7C, 78, 87, FE, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 2D, 43, 30, 30, 30, 2D, 4F, 43, 53, 43, 6C, 69, 65, 6E, 74, 00, 34, 36, 7D, 23, 32, 2E, 00, 00, 00, 00, FF, CC, 31, 00, 03, 76, 0F, D7, 04, EA, F7, DC, 4B, 85, 6D, 25, A8, 40, C8, C5, 30, F6, 07, 2C, 55, A5, 90, CA, 4A, A7, 78, 6F, 37, 88, E2, A6, 56, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 
[+]

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
96 KB (98,304 bytes)

Remove openoffice - chip-downloader.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.