cnet_techtracker_1_0_44_setup.exe

CNET TechTracker

CBS Interactive

The application cnet_techtracker_1_0_44_setup.exe, “CNET TechTracker Installer_OC” by CBS Interactive, has been detected as a potentially unwanted program by 9 anti-malware scanners. The program is a setup application that uses the DownloadCom Spot Install installer. The installer uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software, including ad/search-supported toolbars.
Publisher:
CBS Interactive  (signed and verified)

Product:
CNET TechTracker

Description:
CNET TechTracker Installer_OC

Version:
1.0.0.44

MD5:
82b6834f16189922fa0930e0e0a70cd0

SHA-1:
3606c265a47e5f8f53618ac4573a39ce7ee1f415

SHA-256:
2193314cd6e07950af119292a892a939e4ae07ddac42da10ba7bafc26139f120

Scanner detections:
9 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
12/24/2024 7:46:33 PM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Adware.Win32.OpenCandy
4.0.3.15111

ESET NOD32
9.10950

Fortinet FortiGate
W32/Adware_fam.NB
1/11/2015

Malwarebytes
PUP.Optional.OpenCandy
v2015.01.11.10

McAfee
Adware-OpenCandy.dll
5600.6888

Reason Heuristics
Bundler.PPI.CBSInteractive.DD
15.1.11.22

Sophos
OpenCandy
4.98

Trend Micro House Call
TROJ_GEN.R08OH06L914
7.2.11

VIPRE Antivirus
Opencandy
36264

File size:
3.2 MB (3,401,280 bytes)

Product version:
1.0 Build (44)

Copyright:
Copyright (C) 2009

File type:
Executable application (Win32 EXE)

Bundler/Installer:
DownloadCom Spot Install (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\Music\music file 2012\music\stallions\cnet_techtracker_1_0_44_setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
7/23/2009 7:00:00 PM

Valid to:
7/24/2011 6:59:59 PM

Subject:
CN=CBS Interactive, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=CBS Interactive, L=San Francisco, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5BD0BBF0908ABA158E3FF8AACEA4CD92

File PE Metadata
Compilation timestamp:
6/6/2009 4:41:54 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:OVgyfyqoAaQTUuZadTn6XRauzz7HuLGU0VkEIGZ9raubgz2F:cghMU3r6Yu3zM0V7Pmbo

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.9985

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)
