CNET_TechTracker_2_0_1_51_Setup.exe

CNET TechTracker

CBS Interactive

The application CNET_TechTracker_2_0_1_51_Setup.exe, “CNET TechTracker Installer” by CBS Interactive, has been detected as a potentially unwanted program by 7 anti-malware scanners. The program is a setup application that uses the DownloadCom Spot Install installer. The installer uses the OpenCandy monetization platform, which will download and install offers during setup for potentially unwanted software, including ad/search-supported toolbars. The file has been seen being downloaded from software-files-l.cnet.com.
Publisher:
CBS Interactive  (signed and verified)

Product:
CNET TechTracker

Description:
CNET TechTracker Installer

Version:
2.0.1.51

MD5:
60ad64d6edde83f56ad5a30663a4f7c8

SHA-1:
3cf52555465c956c60879c61d8b7ef616de7fad5

SHA-256:
46ea2594a23b01ce0e94d5f74aa3fa979182a3575e730856b8df8b3f31c4b0f1

Scanner detections:
7 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/24/2024 7:31:44 PM UTC

Scan engine
Detection
Engine version

Baidu Antivirus
Adware.Win32.OpenCandy
4.0.3.14413

ESET NOD32
8.9430

Malwarebytes
PUP.Optional.OpenCandy
v2014.04.13.10

Microsoft Security Essentials
Adware:Win32/OpenCandy
1.165.247.01

Quick Heal
Adware.OpenCandy (Not a Virus)
4.14.12.00

Reason Heuristics
Bundler.PPI.CBSInteractive.FF
14.8.1.0

Sophos
OpenCandy
4.97

File size:
3.8 MB (3,992,728 bytes)

Product version:
2.0.1 Build (51)

Copyright:
Copyright (C) 2010

File type:
Executable application (Win32 EXE)

Bundler/Installer:
DownloadCom Spot Install (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\cnet_techtracker_2_0_1_51_setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
7/23/2009 8:00:00 PM

Valid to:
7/24/2011 7:59:59 PM

Subject:
CN=CBS Interactive, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=CBS Interactive, L=San Francisco, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5BD0BBF0908ABA158E3FF8AACEA4CD92

File PE Metadata
Compilation timestamp:
6/6/2009 5:41:54 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:ORLAJu3nhGMMWGrtajNQNbHV6KfxLJXC4MrrU71dGfMja5BYLfGrEBVftBlqrAOY:Mlh4WGYa57fxYr4Nf/Z/gMArXUq9+F2g

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.9989

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file CNET_TechTracker_2_0_1_51_Setup.exe has been seen being distributed by the following URL.
