dh.exe

Install helper

OpenCandy

The application dh.exe by OpenCandy has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. It uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.
Publisher:
OpenCandy  (signed and verified)

Product:
Install helper

Version:
4.0.0.119

MD5:
67c97b55f4075a86680922a9d5ed613c

SHA-1:
d8a33dd9f6e67889469b5366daf0a5eb4f7f4e71

SHA-256:
2596ad2654432df7dcb748bc34e9a01a1d0087f02d063ab77e1bccccaa31ae36

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
12/24/2024 1:08:41 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.OpenCandy (M)
16.11.2.5

File size:
194 KB (198,640 bytes)

Product version:
4.0.0.119

Copyright:
Copyright (c) 2008 - 2015

Original file name:
InstHlpr.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\opencandy\55e3bcd00e6a4bc8ad762edfbb279ecd\dh.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/25/2014 9:00:00 PM

Valid to:
8/26/2015 8:59:59 PM

Subject:
CN=OpenCandy, O=OpenCandy, STREET="510 Market St #301", L=San Diego, S=CA, PostalCode=92101, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1A4DE208E2EAA73D520698E2D08C7D3D

File PE Metadata
Compilation timestamp:
4/17/2015 12:42:12 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:al+cDh9lqCPy8E2Bcx8xIml0/amiJLtGGV:al+cDh9l1y/mPIYmqL5

Entry address:
0x715D0

Entry point:
60, BE, 00, D0, 44, 00, 8D, BE, 00, 40, FB, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
148 KB (151,552 bytes)

Remove dh.exe - Powered by Reason Core Security