cnet_techtracker_2_0_1_51a_setup.exe

CNET TechTracker

CBS Interactive

The application cnet_techtracker_2_0_1_51a_setup.exe, “CNET TechTracker Installer” by CBS Interactive, has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application that uses the DownloadCom Spot Install installer. The installer uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software, including ad/search-supported toolbars. The file has been seen being downloaded from software-files-l.cnet.com.
Publisher:
CBS Interactive  (signed and verified)

Product:
CNET TechTracker

Description:
CNET TechTracker Installer

Version:
2.0.1.51

MD5:
da399d0598ce8ca533ec5ae933acfaf1

SHA-1:
0b0e2674e7d16a8335481dafdba5ac3cd619e2f9

SHA-256:
19ff8c6159cc9e1bcb312fbc2e5ee9a9048e001f0fbce55b3de86dd73aee727c

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/23/2024 5:52:02 AM UTC

Scan engine       | Detection                    | Engine version
Baidu Antivirus   | Trojan.Win32.Agent           | 4.0.3.1446
ESET NOD32        |                              | 8.9639
Malwarebytes      | PUP.Optional.OpenCandy       | v2014.04.06.09
Reason Heuristics | Bundler.PPI.CBSInteractive.a | 14.8.1.0

File size:
3.9 MB (4,117,304 bytes)

Product version:
2.0.1 Build (51)

Copyright:
Copyright (C) 2010

File type:
Executable application (Win32 EXE)

Bundler/Installer:
DownloadCom Spot Install (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\cnet_techtracker_2_0_1_51a_setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
7/24/2009 8:00:00 AM

Valid to:
7/25/2011 7:59:59 AM

Subject:
CN=CBS Interactive, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=CBS Interactive, L=San Francisco, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5BD0BBF0908ABA158E3FF8AACEA4CD92

File PE Metadata
Compilation timestamp:
6/7/2009 5:41:54 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:CD/cjFtMmVo8AoJiBlewQto97yud4rdDG93VRiZaKfpVtluah3+05mFTFuJ79Nsb:CL8PAJewQtLkXuh3+KATF+QON68KxT

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...

Entropy:
7.9990

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file cnet_techtracker_2_0_1_51a_setup.exe has been seen being distributed by the following URL.
