home

dh210.exe

Installation helper

OpenCandy

The application dh210.exe by OpenCandy has been detected as a potentially unwanted program by 6 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. It uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.
Publisher:
OpenCandy  (signed and verified)

Product:
Installation helper

Version:
4.0.0.210

MD5:
a0a8876f7953ad716b7eeb0e16eca057

SHA-1:
0448e320fcd640a46232442ae4bae31ed4de3156

SHA-256:
9022c92aca985b83a247ffe8ef477fd5c7286338562ac5f4f6de0e5170cdb3b1

Scanner detections:
6 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
11/23/2024 10:21:25 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.OpenCandy
2015.08.05

AVG
OpenCandy
2016.0.3026

herdProtect (fuzzy)
variant of dh206.exe (PUP)
2015.9.12.4

Malwarebytes
PUP.Optional.OpenCandy
v2015.08.05.04

Panda Antivirus
PUP/OpenCandy
15.08.05.04

Reason Heuristics
PUP.OpenCandy (M)
15.8.5.16

File size:
196 KB (200,664 bytes)

Product version:
4.0.0.210

Copyright:
Copyright (c) 2008 - 2015

Original file name:
IHelper.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\rpeng\11faffeb6d114aa5ac74d29365f60308\dh210.exe

Digital Signature
Signed by:
OpenCandy

Authority:
COMODO CA Limited

Valid from:
8/25/2014 9:00:00 PM

Valid to:
8/26/2015 8:59:59 PM

Subject:
CN=OpenCandy, O=OpenCandy, STREET="510 Market St #301", L=San Diego, S=CA, PostalCode=92101, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
5AA7E515112EAEB906A3ABD37394DAD6

File PE Metadata
Compilation timestamp:
8/4/2015 3:46:32 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:rvt7aaUPh/bq+PDi8fPU6BKDCV0SL+ziAKbpFuwcoIDQw2O4+IkoNzJkw52GBJ:rvZpYhDi8fRBKDClVpEwXIN2O/EzV2m

Entry address:
0x72D70

Entry point:
60, BE, 00, E0, 44, 00, 8D, BE, 00, 30, FB, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
148 KB (151,552 bytes)

Remove dh210.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.