» 1. lcpd first response 1.1 installer.exe
Overview
Analysis
File Details
Downloads (24)

1. lcpd first response 1.1 installer.exe

LCPD First Response

G17 Media

The application 1. lcpd first response 1.1 installer.exe, “LCPD First Response Installer” has been detected as a potentially unwanted program by 16 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.

File name:

Publisher:

G17 Media

Product:

LCPD First Response

Description:

LCPD First Response Installer

Version:

1.0.0.0b

MD5:

81a9766a2e86f39fae82ea3a2427afb1

SHA-1:

93293463d76121a6bf7c62da062b77aa0e80ac81

SHA-256:

3392f64e2a91fdc1705de4216b82cd6f9038b8b91d2fce89a156b1c377543470

Scanner detections:

16 / 68

Status:

Potentially unwanted

Explanation:

Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:

11/23/2024 5:07:54 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Riskware.Agent

7.1.1

avast!

Win32:PUP-gen [PUP]

2014.9-150713

AVG

AdLoad.OpenCandy

2016.0.3049

Dr.Web

Adware.OpenCandy.145

9.0.1.0194

ESET NOD32

Win32/OpenCandy.C potentially unsafe (variant)

9.11928

Fortinet FortiGate

Riskware/OpenCandy

7/13/2015

F-Prot

W32/OpenCandy.A2.gen

v6.4.7.1.166

G Data

Win32.Adware.OpenCandy

15.7.25

IKARUS anti.virus

Trojan.MSIL.Bladabindi

t3scan.1.9.5.0

K7 AntiVirus

Trojan

13.205.16534

Kaspersky

not-a-virus:AdWare.Win32.OpenCandy

14.0.0.1741

Malwarebytes

PUP.Optional.OpenCandy

v2015.07.13.08

McAfee

Artemis!81A9766A2E86

5600.6705

NANO AntiVirus

Riskware.Win32.OpenCandy.dqxwfl

0.30.24.2487

Reason Heuristics

PUP.OpenCandy.Installer (L)

15.7.13.20

VIPRE Antivirus

Trojan.Win32.Generic

41942

File size:

24.7 MB (25,875,163 bytes)

Product version:

1.0.0.0b

? G17 Media

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

English (United States)

File PE Metadata

Compilation timestamp:

12/24/2013 11:01:35 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

786432:HXl+ZSEQmkMxxFYq4Zo2vxIH6B5joIO6rHnT:3l+EshihZtvxIH6FO6zT

Entry address:

0x3219

Entry point:

81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 08, A3, 98, 37, 42, 00, E8, AD, 2D, 00, 00, A3, E4, 36, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, A0, EC, 41, 00, FF, 15, 64, 71, 40, 00, 68, E4, 91, 40, 00, 68, E0, 2E, 42, 00, E8, 57, 2A, 00, 00, FF, 15, B0, 70, 40, 00, BD, 00, 90, 42, 00, 50, 55, E8, 45, 2A... 
[+]

Entropy:

7.9999

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

The file 1. lcpd first response 1.1 installer.exe has been seen being distributed by the following 24 URLs.

http://www.lcpdfr.com/files/file/.../?do=download&r=121318&confirm=1&t=1&csrfKey=38271e867ad81b9700c2c72e91d484fd&e=1480607283&validation=af8b285095777c33b3592ddccb78436e

http://www.lcpdfr.com/files/file/.../?do=download&r=121318&confirm=1&t=1&csrfKey=48f96f7cd260f1291d2e1d36d3788cf9&e=1482429239&validation=deb5762bd3ea028c4b6fa0888640a8c4

http://www.lcpdfr.com/files/file/.../?do=download&r=121318&confirm=1&t=1&csrfKey=4928dd1db742ee03348e952ca3527a1b&e=1480621616&validation=f6b9da59e579a207c94f3eb8662c5faa

http://www.lcpdfr.com/files/file/.../?do=download&r=121318&confirm=1&t=1&csrfKey=5ba5a083f32375827ecc77e9af3f1c86&e=1481324216&validation=87b0bb58671345ee536e81b4a5253dea

http://www.lcpdfr.com/files/file/.../?do=download&r=121318&confirm=1&t=1&csrfKey=f1eca6607d05275efd8e70535933c98e&e=1482507200&validation=ec159eef9c0f35f5cd366097f3105845

http://www.lcpdfr.com/files/file/.../?do=download&r=121318&confirm=1&t=1&csrfKey=6d1259505c00fe6151d8af08e0d690fd&e=1481405408&validation=1c88ad22b540e1810e8d8a159dd721f1

http://www.lcpdfr.com/files/file/.../?do=download&r=121318&confirm=1&t=1&csrfKey=f9ce84e6cb54acf515adf5dbbfcc13a0&e=1485536258&validation=99ba4081beddfd1b595ab434602bd817

http://www.lcpdfr.com/files/file/.../?do=download&r=121318&confirm=1&t=1&csrfKey=de71d0437967e685a18ec6a44646cb1e

http://www.lcpdfr.com/files/file/.../?do=download&r=121318&confirm=1&t=1&csrfKey=309831cad46756aa0426c96174402b0a&e=1482090277&validation=84ac3827dd9eba0fbbdb302d1be72edf

http://www.lcpdfr.com/files/file/.../?do=download&r=121318&confirm=1&t=1&csrfKey=6070f13d1e83d1065b84bef723c1a24a&e=1479939936&validation=5577501747caad291b5d2b3166bf7283

http://www.lcpdfr.com/files/file/.../?do=download&r=121318&confirm=1&t=1&csrfKey=bc96777c86dfd9256fd1e84e36a14492&e=1480111960&validation=b2552b5ee41b416bf6b53ce5202f1911

http://www.lcpdfr.com/files/file/.../?do=download&r=121318&confirm=1&t=1&csrfKey=1f4478903424fd0b134e727ae5cbadd2&e=1482759939&validation=11abdc0ae5ba08104b054aefded078ac

http://www.lcpdfr.com/files/file/.../?do=download&r=121318&confirm=1&t=1&csrfKey=965391204d735fdbb5f7490262113f68

http://www.lcpdfr.com/files/file/.../?do=download&r=121318&confirm=1&t=1&csrfKey=ec0a8bfef47d348dfa539c7757654ec0&e=1481084488&validation=77d590401b382c87859ed651380dca73

http://www.lcpdfr.com/files/file/.../?do=download&r=121318&confirm=1&t=1&csrfKey=61c39c41fda5aef575f90ebaa8a84922

http://www.lcpdfr.com/files/file/.../?do=download&r=121318&confirm=1&t=1&csrfKey=4978c6cb081d5421614e96b873b4f00a

http://www.lcpdfr.com/files/file/.../?do=download&r=121318&confirm=1&t=1&csrfKey=87c108d5f0ae8bb4ad87d1e7a9d4b7fc&e=1481434453&validation=bf8cf75573fed714092b96f0955d0426

http://www.lcpdfr.com/files/file/.../?do=download&r=121318&confirm=1&t=1&csrfKey=577938e69bec431ee40a7d29e2734418

http://www.lcpdfr.com/files/file/.../?do=download&r=121318&confirm=1&t=1&csrfKey=932137730f16d3b300e2882204438817

http://download.lcpdfr.com/datastore/file_cache/.../1. LCPD First Response 1.1 Installer.exe

http://www.lcpdfr.com/files/file/.../?do=download&r=121318&confirm=1&t=1&csrfKey=890e8e1d601b280e0fcffa3df2df03a4

http://www.lcpdfr.com/files/file/.../?do=download&r=121318&confirm=1&t=1&csrfKey=7467e093746f9e1cb3019a77ad34a587

http://www.lcpdfr.com/files/file/.../?do=download&r=121318&confirm=1&t=1&csrfKey=a8312f3b373eff07b404555485684abb

http://www.lcpdfr.com/files/file/.../?do=download&r=121318&confirm=1&t=1

Remove 1. lcpd first response 1.1 installer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.