dh237.exe

Installation helper

OpenCandy

The application dh237.exe by OpenCandy has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.
Publisher:
OpenCandy  (signed and verified)

Product:
Installation helper

Version:
4.0.0.237

MD5:
a6a047d8d387fe6ca6142739f00fd916

SHA-1:
eb743a7a851d87ae438226df351382745177bc26

SHA-256:
5033293567d0658236351f260722098490b540e7e7bc8e7a7ef8c58a5c6fa689

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
12/26/2024 12:23:31 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.OpenCandy (M)
15.8.16.13

File size:
195 KB (199,640 bytes)

Product version:
4.0.0.237

Copyright:
Copyright (c) 2008 - 2015

Original file name:
IHelper.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\rpeng\f18de0443bd948148715e9c49a39b697\dh237.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/26/2014 3:00:00 AM

Valid to:
8/27/2015 2:59:59 AM

Subject:
CN=OpenCandy, O=OpenCandy, STREET="510 Market St #301", L=San Diego, S=CA, PostalCode=92101, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A462388842FE1D1F08612BDBB7211ECA

File PE Metadata
Compilation timestamp:
8/15/2015 7:25:15 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:YUQBVYncVJdFSADxxeMEnY6m/POF+9fSER3CQG2CHOt0wPVYHWwK2dFXV:XBwJlxYnY6m/WF+9f3hG2COt0wPr2TV

Entry address:
0x728B0

Entry point:
60, BE, 00, E0, 44, 00, 8D, BE, 00, 30, FB, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
148 KB (151,552 bytes)

Remove dh237.exe - Powered by Reason Core Security