openoffice - chip-installer.exe

CHIP Digital GmbH

The application openoffice - chip-installer.exe, “CHIP Secured Installer” by CHIP Digital GmbH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Covus installer. With this installer, users are expecting to download the free Apache OpenOffice but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware. The file has been seen being downloaded from x.chip.de.
Publisher:
CHIP Digital GmbH  (signed and verified)

Description:
CHIP Secured Installer

Version:
1.0.0.0

MD5:
8d256bda780a59284de6956d4e2a3ee2

SHA-1:
5b2f870c0ee235f1ca0e63562c5da955ba5b8bc6

SHA-256:
168e32fa3bfb68f5a6363afef4608aba6c9fb11190ff473adeb354eb15524c6a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
7/7/2020 6:09:22 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.ChipDigital.Bundler (M)
17.3.15.19

File size:
1.1 MB (1,101,648 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014 Chip Digital GmbH

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Covus

Language:
German (Germany)

Common path:
C:\users\{user}\downloads\openoffice - chip-installer.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
2/25/2014 1:00:00 AM

Valid to:
2/26/2015 12:59:59 AM

Subject:
CN=CHIP Digital GmbH, O=CHIP Digital GmbH, L=Muenchen, S=Bayern, C=DE

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0D160B8252A4F0A16FE1255FA0A22E2B

File PE Metadata
Compilation timestamp:
8/18/2014 3:33:31 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0x18D870

Entry point:
60, BE, 00, A0, 53, 00, 8D, BE, 00, 70, EC, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
336 KB (344,064 bytes)

The file openoffice - chip-installer.exe has been seen being distributed by the following URL.

http://x.chip.de/intern/dl/?url=http://www.chip.de/.../?lastchange=070820141655&pid=chipde&cid=54383364&euid=06a710334a2ee1f2cf60725f&source=BLUB2&browser=chrome

Remove openoffice - chip-installer.exe - Powered by Reason Core Security