openoffice.org.exe

XENIUM

The application openoffice.org.exe by XENIUM has been detected as adware by 8 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from storage2.dobreprogramy.pl. While running, it connects to the Internet address nlb-dobreprogramy.xenium.pl on port 80 using the HTTP protocol.
Publisher:
XENIUM  (signed and verified)

MD5:
ab1149ea527fffc08b659ee786d86630

SHA-1:
75f598049d240eecd17d45d6c89227c49a4763b8

SHA-256:
3ff98c07cb5f5668598f509046c6baab1eaefda024ba1e84a9aab48f1b86918f

Scanner detections:
8 / 68

Status:
Adware

Analysis date:
4/27/2024 11:05:35 AM UTC

Scan engine          Detection                                              Engine version
avast!               Win32:Downloader-TQO [PUP]                             2014.9-150402
ESET NOD32           Win32/DobreProgramy potentially unwanted application   9.7.0.302.0
IKARUS anti.virus    PUA.DobreProgramy                                      t3scan.1.8.5.0
K7 AntiVirus         Trojan                                                 13.202.15462
Reason Heuristics    PUP.XENIUM                                             15.3.21.8
VIPRE Antivirus      Threat.4786018                                         35224

File size:
446.1 KB (456,808 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\documents and settings\administrator\moje dokumenty\downloads\openoffice.org.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/21/2012 2:00:00 AM

Valid to:
8/22/2013 1:59:59 AM

Subject:
CN=XENIUM, O=XENIUM, STREET=Al. Jana Kasprowicza 94, L=Wrocław, S=dolnośląskie, PostalCode=51-145, C=PL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0086EFAB0F9A06ED62A2D7D81BF3D251DF

File PE Metadata
Compilation timestamp:
2/6/2013 5:32:31 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:GIK3Sta6jDMP2E+4Rv/LcUx6KFJ+ufMrzIzlXtIg0/c9i:i32a6XxEZoG6S+St8c9i

Entry address:
0x1826B0

Entry point:
60, BE, 00, B0, 51, 00, 8D, BE, 00, 60, EE, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...

Packer / compiler:
UPX 2.90 (LZMA)

Code size:
416 KB (425,984 bytes)

The file openoffice.org.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to nlb-dobreprogramy.xenium.pl  (194.0.171.152:80)

Remove openoffice.org.exe - Powered by Reason Core Security