connectifyinstaller.exe

Connectify

The application connectifyinstaller.exe by Connectify has been detected as a potentially unwanted program by 8 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from chph.softwaretop.net and multiple other hosts.
Publisher:
Connectify  (signed and verified)

Product:
Connectify

Version:
7.3.1.30389

MD5:
4cfb610684f052e1f5a487274d026224

SHA-1:
fe5ab499ca747a7d6816ca21a2d98c15226d1d43

SHA-256:
b1367e009dc67337d6fe715ca8b903238be8936617233730684492de864ffe85

Scanner detections:
8 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
11/27/2024 2:06:31 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.OpenCandy.4
9.0.1.060

Emsisoft Anti-Malware
Trojan.Generic.3048720
8.14.03.01.03

ESET NOD32
8.9487

Fortinet FortiGate
Riskware/OpenCandy
3/1/2014

Malwarebytes
PUP.Optional.OpenCandy
v2014.03.01.03

Reason Heuristics
PUP.OpenCandy.Installer (L)
16.11.29.10

Rising Antivirus
PE:PUF.OpenCandy!1.9DE5
23.00.65.14227

Trend Micro House Call
TROJ_GE.B8F91C47
7.2.60

File size:
8.1 MB (8,478,736 bytes)

Product version:
7.3.1.30389

Copyright:
© 2014 Connectify

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\connectifyinstaller.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
7/24/2013 2:00:00 AM

Valid to:
8/24/2014 1:59:59 AM

Subject:
CN=Connectify, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Connectify, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
71844350E30B64B59FD6BEC66B063550

File PE Metadata
Compilation timestamp:
12/5/2009 11:53:18 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
196608:OvCYl2h9tR8OUukq/BqTmvb2+vHsLFk+6Y:WkgOUrUwSi+/sLuY

Entry address:
0x36A0

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 88, A7, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 53, FF, 15, 88, 82, 40, 00, 6A, 08, A3, B8, 63, 42, 00, E8, EE, 2E, 00, 00, A3, 04, 63, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, B0, 0C, 42, 00, FF, 15, 58, 81, 40, 00, 68, 10, A8, 40, 00, 68, 00, 5B, 42, 00, E8, F4, 29, 00, 00, FF, 15, B0, 80, 40, 00, BF, 00, C0, 42, 00, 50, 57, E8, E2, 29, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
24.5 KB (25,088 bytes)

The file connectifyinstaller.exe has been seen being distributed by the following 3 URLs.

Remove connectifyinstaller.exe - Powered by Reason Core Security