dh143c.exe

Installation helper

OpenCandy Inc.

The application dh143c.exe by OpenCandy has been detected as a potentially unwanted program by 4 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. It uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.
Publisher:
OpenCandy  (signed by OpenCandy Inc.)

Product:
Installation helper

Version:
4.0.0.143

MD5:
d9a43dcff41637cfd36331281f4cc3ee

SHA-1:
51e4acb6d2572ac78afaa56fc28b155d3ce75f20

SHA-256:
5285ed1f115a86cc3f30753f27a92e5542b14fa59a6412672af1bfdc09785551

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
12/23/2024 10:24:11 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.OpenCandy
2015.07.09

Malwarebytes
PUP.Optional.OpenCandy
v2015.07.09.03

Panda Antivirus
PUP/OpenCandy
15.07.09.03

Reason Heuristics
PUP.OpenCandy (M)
15.7.9.3

File size:
195 KB (199,672 bytes)

Product version:
4.0.0.143

Copyright:
Copyright (c) 2008 - 2015

Original file name:
IHelper.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\rpeng\4aa71b7dbc41434c9771cb9d2f20c8e5\dh143c.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
10/13/2014 8:00:00 AM

Valid to:
10/14/2015 7:59:59 AM

Subject:
CN=OpenCandy Inc., O=OpenCandy Inc., STREET="510 Market St #301", L=San Diego, S=CA, PostalCode=92101, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
5407D8E1F2D0E6C4E6F068C2480628C9

File PE Metadata
Compilation timestamp:
7/2/2015 7:21:46 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:XyI+R4OYDnaaXHvfBOgpblYiTuEzdLqrKfcHoQqLlwOrBu:X9iGDX5OgphSKfcHoOOE

Entry address:
0x729A0

Entry point:
60, BE, 00, E0, 44, 00, 8D, BE, 00, 30, FB, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Entropy:
7.5794

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
148 KB (151,552 bytes)

Remove dh143c.exe - Powered by Reason Core Security