home

codeblocks-13.12.0.1.exe

CodeBlocks

Software Association LLC

The application codeblocks-13.12.0.1.exe by Software Association has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from codeblocks.joydownload.pl.
Publisher:
Software Association LLC  (signed and verified)

Product:
CodeBlocks

Version:
1.0.0.0

MD5:
9aba5b6c807f3e8d35fc6f97472dfb9c

SHA-1:
f2d93f55a950c8ca1443872f8ed5678326f4296e

SHA-256:
1005838ba2070abceb9477bdbe5af23bc8d93c76bc5a3815bd75de99f5898bd2

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
11/25/2024 11:46:35 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.OpenCandy.Software.Installer (M)
16.5.3.8

File size:
418.1 KB (428,096 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\codeblocks-13.12.0.1.exe

Digital Signature
Signed by:
Software Association LLC

Authority:
DigiCert Inc

Valid from:
1/13/2015 1:00:00 AM

Valid to:
1/21/2016 1:00:00 PM

Subject:
CN=Software Association LLC, O=Software Association LLC, L=Dnepropetrovsk, S=Dnipropetrovs'ka Oblast', C=UA

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0E1FC80B1C57AD69AA6F8D65D1CF90CF

File PE Metadata
Compilation timestamp:
5/20/2013 1:53:00 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:2iu2OUNNjAH9yum1QFdsTWo5v0wjI69Kwx+:i2OUNOH9yuUTwef9Xc

Entry address:
0x331C

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 30, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, BC, 70, 40, 00, 55, FF, 15, AC, 72, 40, 00, 6A, 08, A3, 98, 92, 42, 00, E8, A8, 2E, 00, 00, A3, E4, 91, 42, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, 90, 06, 42, 00, FF, 15, 7C, 71, 40, 00, 68, 7C, 93, 40, 00, 68, E0, 81, 42, 00, E8, 13, 2B, 00, 00, FF, 15, 34, 71, 40, 00, BB, 00, 40, 43, 00, 50, 53, E8, 01, 2B, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
24 KB (24,576 bytes)

The file codeblocks-13.12.0.1.exe has been seen being distributed by the following URL.

http://codeblocks.joydownload.pl/get_azure_file/wUiS4WnYccXBwj qXP7oQkEsnl0kPj2jEB7ycteQv A8/yan9np5ktEPLEykYr32LSb0gA0aZ3GHQuOmHLE0y7BgwsSVDE b/CXqSh jqnD8gfPbvNjdkWFLpIc7wF9BXmT U2pnn4Aj/CHoWWKLS/9Wys3zc3MVY/o4LhIdMr38FXB5ctyYeUd22eP2GWUve4/g0 wxHGL5uFvPlu04XdH9LJPnKjMAzcr F gklQ9Gstyo3wSnPfE2hSflCc1X/.../Fu3QV38fTLnO2EAmImvEy

Remove codeblocks-13.12.0.1.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.