openoffice - chip-installer.exe

OCSClient

CHIP Digital GmbH

The application openoffice - chip-installer.exe (“CHIP Secured Installer” by CHIP Digital GmbH) has been detected as a potentially unwanted program by 6 anti-malware scanners. The program is a setup application that uses the Covus installer. The installer is marketed through download portals and search ads as the free Apache OpenOffice, but it also installs additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
CHIP Digital GmbH (signed and verified)

Product:
OCSClient

Description:
CHIP Secured Installer

Version:
7.00

MD5:
a88db142bfdf93bf2be40334749b152b

SHA-1:
4f7b27d3b6a54d4360a4eee0ef2e8fa34a02b5be

SHA-256:
59a6ebc4fec974e6590fa9e0d604d02337c8bf341bc2f5367631d6ee4679e6fd

Scanner detections:
6 / 68

Status:
Potentially unwanted

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/26/2024 12:15:37 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | APPL/Downloader.Gen | 7.11.151.172 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-141002 |
| Dr.Web | Adware.Downware.3982 | 9.0.1.0275 |
| ESET NOD32 | Win32/DownloadSponsor (variant) | 8.9853 |
| McAfee | Artemis!06E5F4DA9FC0 | 5600.6990 |
| Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.14930 |

File size:
938.8 KB (961,360 bytes)

Product version:
7.00

Copyright:
Copyright © 2014 Chip Digital GmbH

Original file name:
ocsclient.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Covus

Language:
German (Germany)

Common path:
C:\users\{user}\downloads\openoffice - chip-installer.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
2/25/2014 1:00:00 AM

Valid to:
2/26/2015 12:59:59 AM

Subject:
CN=CHIP Digital GmbH, O=CHIP Digital GmbH, L=Muenchen, S=Bayern, C=DE

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0D160B8252A4F0A16FE1255FA0A22E2B

File PE Metadata
Compilation timestamp:
5/21/2014 10:57:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:Y7lw1DxzCe6QhDiT5DQKI4k9n3eaeQkLKaL44nhPysgfBnnl2J:Y7m1Dcej4k9n3eaeB44nhPysgpnncJ

Entry address:
0x1684

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
100 KB (102,400 bytes)
