1. lcpd first response 1.1 installer.exe

LCPD First Response

G17 Media

The application 1. lcpd first response 1.1 installer.exe, “LCPD First Response Installer”, has been detected as a potentially unwanted program by 16 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The installer uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software, including ad/search-supported toolbars.
Publisher:
G17 Media

Product:
LCPD First Response

Description:
LCPD First Response Installer

Version:
1.0.0.0b

MD5:
81a9766a2e86f39fae82ea3a2427afb1

SHA-1:
93293463d76121a6bf7c62da062b77aa0e80ac81

SHA-256:
3392f64e2a91fdc1705de4216b82cd6f9038b8b91d2fce89a156b1c377543470

Scanner detections:
16 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
12/25/2024 4:43:18 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-150713 |
| AVG | AdLoad.OpenCandy | 2016.0.3049 |
| Dr.Web | Adware.OpenCandy.145 | 9.0.1.0194 |
| ESET NOD32 | Win32/OpenCandy.C potentially unsafe (variant) | 9.11928 |
| Fortinet FortiGate | Riskware/OpenCandy | 7/13/2015 |
| F-Prot | W32/OpenCandy.A2.gen | v6.4.7.1.166 |
| G Data | Win32.Adware.OpenCandy | 15.7.25 |
| IKARUS anti.virus | Trojan.MSIL.Bladabindi | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.205.16534 |
| Kaspersky | not-a-virus:AdWare.Win32.OpenCandy | 14.0.0.1741 |
| Malwarebytes | PUP.Optional.OpenCandy | v2015.07.13.08 |
| McAfee | Artemis!81A9766A2E86 | 5600.6705 |
| NANO AntiVirus | Riskware.Win32.OpenCandy.dqxwfl | 0.30.24.2487 |
| Reason Heuristics | PUP.OpenCandy.Installer (L) | 15.7.13.20 |
| VIPRE Antivirus | Trojan.Win32.Generic | 41942 |

File size:
24.7 MB (25,875,163 bytes)

Product version:
1.0.0.0b

Copyright:
© G17 Media

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
12/24/2013 11:01:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
786432:HXl+ZSEQmkMxxFYq4Zo2vxIH6B5joIO6rHnT:3l+EshihZtvxIH6FO6zT

Entry address:
0x3219

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 08, A3, 98, 37, 42, 00, E8, AD, 2D, 00, 00, A3, E4, 36, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, A0, EC, 41, 00, FF, 15, 64, 71, 40, 00, 68, E4, 91, 40, 00, 68, E0, 2E, 42, 00, E8, 57, 2A, 00, 00, FF, 15, B0, 70, 40, 00, BD, 00, 90, 42, 00, 50, 55, E8, 45, 2A...
 
Entropy:
7.9999

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file 1. lcpd first response 1.1 installer.exe has been seen being distributed by the following 24 URLs.
