Malware behavior in OpenOfficePortable.exe?

Defense+ detects possible malware behavior in OpenOfficePortable.exe. What is wrong with OpenOfficePortable.exe, what is it doing that D+ detects?

I use Portable 3.0.1, English: Apache OpenOffice Portable (full-featured office suite)

Thanks. :)

[attachment deleted by admin]

If you are worried about what the D+ alert is saying, it says that for most unrecognized applications, which a majority of the time are completely safe.

Why do the D+ heuristics see it as a possible threat? IDK, maybe because it’s executing itself. But I get these types of alerts all the time with almost every new program. :)

They’re two executables if you look a second time, not one calling another instance of itself.

The heuristics alert is probably because portable apps may have to perform weird “virtualization” tricks to convince a program that’s not installed that it’s installed… Just a guess.

Good eye.
I guess I assumed that because a lot of alerts (or at least the alerts I get) are usually from a new program trying to execute its own executable when I start it.

My guess is that the executable is packed. The heuristic engine for Defense+ seems to flag all packed executable files as suspicious.

Thanks .FaZio93., Japo and Ragwing.

An application executing itself, as .FaZio93. mentioned, is also something I don’t understand. 88) What happens, and why not always?

[attachment deleted by admin]

I’m not much into that, but from what I can guess, I would say that an executable needs to modify its own data, which can’t be done when running, so therefore, it terminates, does the modification, and then re-spawns. Or possibly another file directly related to the executable, that can’t be modified when the executable is running. This is just a guess though.