openofficewriter-setup.exe

Full Spectrum Interactive

The application openofficewriter-setup.exe by Full Spectrum Interactive has been detected as a potentially unwanted program by 10 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from files4.openoffice.us.com.
Publisher:
Modern New Installer  (signed by Full Spectrum Interactive)

Product:
Modern New Installer

Version:
33.9.8.1085

MD5:
2b20cd828498f42087823c69c86d681f

SHA-1:
a671f831b48119d9042f186a14bb7001b91e7871

SHA-256:
b743348cddd96c892051f76407588f446dbf85952a2118ed1d965e814e36e177

Scanner detections:
10 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Analysis date:
4/24/2024 10:41:20 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | PUA/DownloadAdmin.KA | 8.3.2.2
Dr.Web | Trojan.Vittalia.419 | 9.0.1.0294
Emsisoft Anti-Malware | Gen:Variant.Symmi.6376 | 8.15.10.21.03
ESET NOD32 | Win32/DownloadAdmin.N potentially unwanted (variant) | 9.12375
F-Prot | W32/S-53ab7a3d | v6.4.7.1.166
F-Secure | Gen:Variant.Symmi.6376 | 11.2015-21-10_4
Kaspersky | not-a-virus:Downloader.Win32.DownloAdmin | 14.0.0.1242
Malwarebytes | PUP.Optional.DownLoadAdmin | v2015.10.21.03
Reason Heuristics | PUP.DownloadAdmin.FullSpectrumInteractive.Installer (M) | 15.10.1.6
VIPRE Antivirus | Trojan.Win32.Generic | 44376

File size:
872.5 KB (893,480 bytes)

Product version:
33.9.8.1085

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\openofficewriter-setup.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
9/6/2015 4:40:44 PM

Valid to:
9/6/2016 3:41:52 PM

Subject:
CN=Full Spectrum Interactive, O=Full Spectrum Interactive, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00C38AD160BBA36A58

File PE Metadata
Compilation timestamp:
9/3/2014 12:45:18 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:KnB8CyXT2VeKShFAW6jiiLin/drCabZQT7xje4:ks2VeRhRURLinlWIZQ5a

Entry address:
0xD5E2

Entry point:
E8, 3C, 05, 00, 00, E9, 57, FD, FF, FF, CC, CC, CC, CC, 51, 8D, 4C, 24, 04, 2B, C8, 1B, C0, F7, D0, 23, C8, 8B, C4, 25, 00, F0, FF, FF, 3B, C8, 72, 0A, 8B, C1, 59, 94, 8B, 00, 89, 04, 24, C3, 2D, 00, 10, 00, 00, 85, 00, EB, E9, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 30, 4D, 41, 00, 89, 0D, 2C, 4D, 41, 00, 89, 15, 28, 4D, 41, 00, 89, 1D, 24, 4D, 41, 00, 89, 35, 20, 4D, 41, 00, 89, 3D, 1C, 4D, 41, 00, 66, 8C, 15, 48, 4D, 41, 00, 66, 8C, 0D, 3C, 4D, 41, 00, 66, 8C, 1D, 18, 4D, 41, 00, 66, 8C, 05, 14...
 

Entropy:
7.9692  (probably packed)

Code size:
53 KB (54,272 bytes)

The file openofficewriter-setup.exe has been seen being distributed by the following URL.
