cnet_techtracker_1_3_1_55_setup.exe

CNET TechTracker

CBS Interactive

The application cnet_techtracker_1_3_1_55_setup.exe, “CNET TechTracker Installer” by CBS Interactive, has been detected as a potentially unwanted program by 7 anti-malware scanners. The program is a setup application that uses the DownloadCom Spot Install installer. The installer uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software, including ad/search-supported toolbars. The file has been seen being downloaded from software-files-l.cnet.com.
Publisher:
CBS Interactive  (signed and verified)

Product:
CNET TechTracker

Description:
CNET TechTracker Installer

Version:
1.3.1.55

MD5:
019582edf003a4a3c30baa7337167834

SHA-1:
d479d71e34f091ffddeeee4da5ac686347cca6f6

SHA-256:
b74d109e24eedf60cc4c65c834a3c4c1e88fea61eed74179ba1b3a5d7a0e9249

Scanner detections:
7 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
12/24/2024 7:23:49 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| ESET NOD32 | | 8.8739 |
| Fortinet FortiGate | W32/Adware_fam.NB | 9/7/2014 |
| Malwarebytes | PUP.Optional.OpenCandy | v2014.09.07.12 |
| McAfee | Adware-OpenCandy.dll | 5600.7015 |
| Microsoft Security Essentials | Adware:Win32/OpenCandy | 1.163.1557.0 |
| Quick Heal | Adware.OpenCandy (Not a Virus) | 9.14.12.00 |
| Reason Heuristics | Bundler.PPI.CBSInteractive.FF | 14.9.6.23 |

File size:
3.2 MB (3,405,688 bytes)

Product version:
1.3 Build (55)

Copyright:
Copyright (C) 2009

File type:
Executable application (Win32 EXE)

Bundler/Installer:
DownloadCom Spot Install (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\cnet_techtracker_1_3_1_55_setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
7/24/2009 9:30:00 AM

Valid to:
7/25/2011 9:29:59 AM

Subject:
CN=CBS Interactive, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=CBS Interactive, L=San Francisco, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5BD0BBF0908ABA158E3FF8AACEA4CD92

File PE Metadata
Compilation timestamp:
6/7/2009 7:11:54 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:B1UI6g+Mb7YBbBNV76I1ClfhkRtikG8/GSVaMZ+l9w/X9DsiO40UMEwZ:B1j6g+Ao7CZcnNfYMAapsv40j

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.9985

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file cnet_techtracker_1_3_1_55_setup.exe has been seen being distributed by the following URL.
