dexpot_1614_r2439.exe

Dexpot 1.6 Setup

Dexpot GbR

The application dexpot_1614_r2439.exe, “Installer for Dexpot 1.6” by Dexpot GbR, has been detected as a potentially unwanted program by 8 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. Additionally, the file is typically installed by a number of programs, including Toolwiz Time Freeze 2014 by ToolWiz and Toolwiz Time Freeze 2015 by ToolWiz. The installer uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software, including ad/search-supported toolbars.
Publisher:
Dexpot GbR  (signed and verified)

Product:
Dexpot 1.6 Setup

Description:
Installer for Dexpot 1.6

Version:
1.6.14

MD5:
77d59e8affcdc1355883da895cd32b35

SHA-1:
b37be0aab31a8ee5b370333f08a76c50a3dec31e

SHA-256:
34de9036d0d16ef10129962be5ebb4f6d001d1ff6677c0aec6ff530322ea099c

Scanner detections:
8 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
11/14/2024 9:06:13 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Riskware.Agent | 7.1.1
Dr.Web | Adware.OpenCandy.39 | 9.0.1.0250
ESET NOD32 | Win32/OpenCandy (variant) | 8.10375
Fortinet FortiGate | Riskware/OpenCandy | 9/7/2014
G Data | Win32.Adware.OpenCandy | 14.9.24
IKARUS anti.virus | PUA.OpenCandy | t3scan.1.7.5.0
Malwarebytes | PUP.Optional.OpenCandy | v2014.09.07.02
Trend Micro House Call | Suspici.1E48FE7A | 7.2.250

File size:
5.1 MB (5,300,432 bytes)

Copyright:
© 2001-2014 Dexpot GbR

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/5/2013 2:00:00 AM

Valid to:
7/5/2016 1:59:59 AM

Subject:
CN=Dexpot GbR, O=Dexpot GbR, STREET=Bergerfurth 38, L=Wesel, S=NRW, PostalCode=46487, C=DE

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009101BB3EB4B14E4D5C02CB74F564B839

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:LUeOU72+G79pndMEvVp89qzk900Oz+k6+OVCXOmPnaOoIcQvLThoc0sJ:1OU7U7j+EvVcqzk900W6BsXPaOoULThL

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file dexpot_1614_r2439.exe has been discovered within the following programs.

www.Toolwiz.com
About 1% of users remove it
About 5% of users remove it
 

The file dexpot_1614_r2439.exe has been seen being distributed by the following 26 URLs.

http://lb.cdn.m6web.fr/d/c/a/636ae87f8bcc35990fe92a0ceb759705/57bb633f/soft/.../dexpot_1-6-14_fr_29857.exe

http://lb.cdn.m6web.fr/d/c/a/9a96171180d0b2913c88298cb5a316d8/5717ff26/soft/.../dexpot_1-6-14_fr_29857.exe

http://filehippo.com/download/file/.../

https://dw.uptodown.com/dwn/nlG7k9kktadck7o1TYsb5gWxxErAz2p-Q-2nIvYF1UxfzDs3a5b1gtBqU2ZqEZ8f_Y9POQjjSrnYrKggXzw2VyLx_St_dyJNkqf3pV9YWEBQ0T2SF4Bs6Se50nX0_Uxl/0bqaWhkvfONofO2g5PGnzEnGL66N83XNy6rJ6SGAIHQQ5N9pWvGj7kSaC6PK_O3PZ9RL5kgg08pVuLKCev7AJxewgGKFarB9QfnWZyfzgvFMEGcPLTISRWpD8fnyNsc8/6KayuI8A63Knp0KPd8XNMBPbyL_YXsXh2FoO-1tOLGGwoqyU8PooiCPT6206c5wVd6Y1b6k2Qp8egn4jIm0t3haZX4lfAGbIkBioZPl35jOKHv9FZEKOM2uOCJfToLS4/.../

http://lb.cdn.m6web.fr/d/c/a/97018eb0973f43728fe833e0ce28737e/56a2406e/soft/.../dexpot_1-6-14_fr_29857.exe
