5338613_setup.exe

CNET TechTracker

CBS Interactive

The application 5338613_setup.exe, “CNET TechTracker Installer” by CBS Interactive, has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application that uses the DownloadCom Spot Install installer. The installer uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software, including ad/search-supported toolbars. The file has been seen being downloaded from software-files-l.cnet.com.
Publisher:
CBS Interactive  (signed and verified)

Product:
CNET TechTracker

Description:
CNET TechTracker Installer

Version:
2.0.3.59

MD5:
973e4e4eeb9975ced6426a97ccc101fb

SHA-1:
78a13dff961f29ff701a27fc244e680091cb2850

SHA-256:
89f2be934614902e44027bfe4de31d63dea883870b3469d4922c7486ae6b6afd

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/26/2024 11:20:09 PM UTC

Scan engine
Detection
Engine version

Baidu Antivirus
Trojan.Win32.Agent
4.0.3.14214

ESET NOD32
8.9255

Malwarebytes
PUP.Optional.OpenCandy
v2014.02.14.10

Reason Heuristics
Bundler.PPI.CBSInteractive.N
14.8.1.0

VIPRE Antivirus
Opencandy
25140

File size:
3.9 MB (4,117,040 bytes)

Product version:
2.0.3 Build (59)

Copyright:
Copyright (C) 2011

File type:
Executable application (Win32 EXE)

Bundler/Installer:
DownloadCom Spot Install

Common path:
C:\Documents and Settings\{user}\Local settings\temp\{random}.tmp\5338613_setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
7/24/2009 2:00:00 AM

Valid to:
7/25/2011 1:59:59 AM

Subject:
CN=CBS Interactive, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=CBS Interactive, L=San Francisco, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5BD0BBF0908ABA158E3FF8AACEA4CD92

File PE Metadata
Compilation timestamp:
6/6/2009 11:41:54 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:GyWfuAWZok9VM8kXdiWXsllOvhoVLtMwDxP:Gy3fZo2KjXWVBP

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Code size:
23 KB (23,552 bytes)

The file 5338613_setup.exe has been seen being distributed by the following URL.
