home

download-apache-openoffice.exe

Covus Pro GmbH

The application download-apache-openoffice.exe by Covus Pro GmbH has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Covus installer. With this installer, users are expecting to download the free Apache OpenOffice but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Covus Pro GmbH  (signed and verified)

MD5:
fadd3b5e3c54aeb7e2a8456b8ab8581f

SHA-1:
bbdebc9795f2dbbcc8f5169b5bf89931cffa1c39

SHA-256:
746dfb7a5b21252b81623c6dadb7ce27bcc7b106211252321784b78bdf0c3852

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Includes bundled offers in the installer/download manager that include adware components such as Best-markit, and Search Protect (ClientConnect).

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
5/17/2024 2:12:27 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Covus (M)
16.11.30.1

File size:
363.3 KB (372,056 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Covus (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\download-apache-openoffice.exe

Digital Signature
Signed by:
Covus Pro GmbH

Authority:
GoDaddy.com, Inc.

Valid from:
3/11/2015 2:39:38 PM

Valid to:
2/23/2016 2:53:38 PM

Subject:
CN=Covus Pro GmbH, O=Covus Pro GmbH, L=Berlin, C=DE

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00B62BB34DE8E3FE56

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:3QqXRNj4FfyhQU3jIDMppZ9VcbLie/AeNH9uzhRXp7eFTpQFF8kvlQ3:RRN0uQU3iKPe4EH9uFQTmmUQ3

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

Remove download-apache-openoffice.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.