cdbxp_setup_4.5.5.5790.exe

CDBurnerXP

Canneverbe Limited

The application cdbxp_setup_4.5.5.5790.exe by Canneverbe Limited has been detected as a potentially unwanted program by 11 anti-malware scanners. This is a setup program used to install the application. The installer uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software, including ad/search-supported toolbars. The file has been seen being downloaded from software-files-a.cnet.com and multiple other hosts.
Publisher:
Canneverbe Limited   (signed by Canneverbe Limited)

Product:
CDBurnerXP

Version:
4.5.5.5790

MD5:
594e3c1bde17de0a96fbe6b1359fe926

SHA-1:
11e7b5e89c4779b9cc57e48f2c6fbbf82cf829c4

SHA-256:
ef8f6001054e7ba992af4f04b12ce226a9b50c6d7e90da89010a5ae95fbd032b

Scanner detections:
11 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
12/26/2024 2:55:28 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AVG | OpenCandy | 2016.0.2995 |
| Bkav FE | W32.HfsAdware | 1.3.0.6979 |
| Dr.Web | Threat.Undefined | 9.0.1.0212 |
| ESET NOD32 | Win32/OpenCandy.C potentially unsafe application | 9.7.0.302.0 |
| Fortinet FortiGate | Riskware/OpenCandy | 7/31/2015 |
| G Data | Win32.Application.OpenCandy | 15.7.25 |
| herdProtect (fuzzy) | | 2015.9.5.12 |
| K7 AntiVirus | Unwanted-Program | 13.207.16843 |
| Reason Heuristics | PUP.OpenCandy.Installer (L) | 15.7.31.22 |
| Sophos | PUA 'OpenCandy' | 5.15 |

File size:
5.4 MB (5,650,408 bytes)

Product version:
4.5.5.5790

Copyright:
2001-2014 Canneverbe Limited

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\cdbxp_setup_4.5.5.5790.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
3/5/2013 2:00:00 AM

Valid to:
6/8/2016 3:00:00 PM

Subject:
CN=Canneverbe Limited, O=Canneverbe Limited, L=Goch, C=DE

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0E73EAE02E53D77688E0C0F18F0F1AAF

File PE Metadata
Compilation timestamp:
7/9/2014 10:58:13 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:+Y+HhNp4QuuGSsmNwreZ1Spmo7ykoOKNsdEqxA+1vkcat3+wmwr3vLvImH1:+BTJuuGLmwK4kNsdEcKcku/wr3DvImV

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)

The file cdbxp_setup_4.5.5.5790.exe has been seen being distributed by the following 13 URLs.

http://software-files-a.cnet.com/s/software/14/44/24/.../cdbxp_setup_4.5.5.5790.exe

http://progy.pro/wp-content/plugins/.../download.php?id=9

http://www.programosy.pl/.../pobierz,cdburnerxp,2.html
