dh133b.exe

Installation helper

OpenCandy

The application dh133b.exe by OpenCandy has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.
Publisher:
OpenCandy  (signed and verified)

Product:
Installation helper

Version:
4.0.0.133

MD5:
d9454b75dc54266a52cb72ad0d4010be

SHA-1:
dd19e83430c9db895b20fbb215d8680bb98d4b9c

SHA-256:
f8e42980975c2eb2317cfb705cd2ae085ce10d013a827ca5a988c40d2df47f4a

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
12/24/2024 11:22:07 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.OpenCandy
2015.06.07

AVG
OpenCandy
2016.0.3086

Reason Heuristics
PUP.OpenCandy
15.6.6.13

File size:
194.5 KB (199,152 bytes)

Product version:
4.0.0.133

Copyright:
Copyright (c) 2008 - 2015

Original file name:
IHelper.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\opencandy\9716fe91182842c79e43c1778fa6333f\dh133b.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/25/2014 5:00:00 PM

Valid to:
8/26/2015 4:59:59 PM

Subject:
CN=OpenCandy, O=OpenCandy, STREET="510 Market St #301", L=San Diego, S=CA, PostalCode=92101, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00968F75DEF14B8896984D3B88276AFA95

File PE Metadata
Compilation timestamp:
6/5/2015 11:50:20 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:95g2G8NzdzL0kx10/pXc5X3Wmrsl8uN8dzEcqoEY/3CwD6VY:UI5zgk70/pY3WssB81EOECjDn

Entry address:
0x71620

Entry point:
60, BE, 00, D0, 44, 00, 8D, BE, 00, 40, FB, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Entropy:
7.5700

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
148 KB (151,552 bytes)

Remove dh133b.exe - Powered by Reason Core Security