home

openoffice.exe

Installation Wizard

Advertiso GmbH

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application openoffice.exe by Advertiso GmbH has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. With this installer, users are expecting to download the free Apache OpenOffice but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
SecuredDownload  (signed by Advertiso GmbH)

Product:
Installation Wizard

Version:
1.0.13.24053

MD5:
99cfce6800de03f21895cd939813f4de

SHA-1:
56efa4a04547592939bc084440feec28f82b77b7

SHA-256:
4330e4fd511e38cbab8b17ae60e6491d24e56c26d4b41a424accc683b786e1b3

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/29/2024 1:03:23 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.installCore (M)
17.3.14.12

File size:
1.2 MB (1,213,104 bytes)

Product version:
1.0.13.24053

Copyright:
SecuredDownload

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\openoffice.exe

Digital Signature
Signed by:
Advertiso GmbH

Authority:
GlobalSign nv-sa

Valid from:
1/20/2016 3:52:17 PM

Valid to:
5/17/2017 3:53:46 PM

Subject:
CN=Advertiso GmbH, O=Advertiso GmbH, L=Hamburg, S=Hamburg, C=DE

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11218D42D633AAFCED2E0A8CAF0245EEE3D1

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file openoffice.exe has been seen being distributed by the following URL.

http://www.bitstagcontent.com/LP6zLImtS7S R26mAVc CjajHtIwIgXny8OMGYq0y9G54AN_urOC8AYr3Q_D9J19t22DID_PWkBKh5iVv5H6dCWO7BPmGFz4JuHX0mUWPC_sit99Wtj2igKj BucnJOTdtSLNnEcSKxCI361fA 6jtDQSl1nKdQtZnUxa2QIN M5b_HxZgPw5SLxYNOxUT yyIsfH9abGu33bLiRJgey2vjmw3lMG67uX9PinUuB4SqRA5YjMRcjyy31EVcNX0If7URok3NmDQzLBR huAUYnRqOAD42Sd7n1vFvsqVCqqaxs_t3s0FlYy4Dm4vn30fPmCTf_RWbSr_IXVmnFJ6SO4drUlt08x LQr5Yc4YGAqKpjq4BouLQEFiVFfr9DN1ZzIT mKNvljgXZ3FgMZZ65Z6vDgWsFhRzHaEAcw3Tup z_qlw0RlAHwVH_ICRRZHuAAbuGyUOZmCIxE8qRoNuPxqHsuxbLpU6lGJeo33oHUKZd7mE 2H2ZFjzgLr_nk5xK _nwEhCXcbKr2iye_VwskncaOH_Zz27uGHi6UZu0itEYLrb8NqbU4lnZevMv5xdPsX3YEOLmnmxWTBcLhbW52JyQj7czSFw59JtXWF4h48nvK3bDLEQkkFzndfTshI7DgvAlgHWc9o9Y VkmcWY DAySQy5x_W3XB7icI12lbNTFKSN_49Kn81gSeOBGQ_5CqMexJhAbfZ3yXRbRQZYfU_OM2p7HKC9LD1 Lrr4MvQHXZTx5dyFW7i_C6zMO6BDkWYx16 IdYVWVdFamwbCcWKo HA2_A==-G1wAAORte8uraZF5VmNGQ2hFYFBOOQ3YWiBJ7XAg_HbwkIUqKHabbNe9ZxKNjJ1lvgASC8RMGaNKfPT_IE5Fjakf34c85wBpFcTQvwM=

Remove openoffice.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.