dlm.exe

OpenCandy recommendation downloader

OpenCandy Inc.

The application dlm.exe, “OpenCandy recommendation downloader p46” by OpenCandy has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.
Publisher:
OpenCandy  (signed by OpenCandy Inc.)

Product:
OpenCandy recommendation downloader

Description:
OpenCandy recommendation downloader p46

Version:
3.2.5.275

MD5:
66acf8822f820d22c959f41ec37662ea

SHA-1:
c215b20736681b44c489fbed8c5e8592a4b0b80d

SHA-256:
0a12ef4ff238453299975738d0b59e5bf5ade9add705324f27c11bf1fc0102ac

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
11/2/2024 3:23:44 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.OpenCandy (M)
17.3.7.15

File size:
295.8 KB (302,888 bytes)

Product version:
3.2.5.275

Copyright:
Copyright (c) 2008 - 2014 OpenCandy, Inc.

Original file name:
OpenCandyU1Dlm.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\opencandy\bdf99dca50d44b229e969d6a5657c8b6\dlm.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/25/2011 2:00:00 AM

Valid to:
3/15/2014 1:59:59 AM

Subject:
CN=OpenCandy Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=OpenCandy Inc., L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6FFC263A351134194CF16E1E6D0E0806

File PE Metadata
Compilation timestamp:
1/18/2014 3:44:58 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0xB7FA0

Entry point:
60, BE, 00, C0, 47, 00, 8D, BE, 00, 50, F8, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, EA, 5D, 0B, 00, 57, 83, C3, 04, 53, 68, 9C, BF, 03, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 
[+]

Entropy:
7.8393  (probably packed)

Code size:
244 KB (249,856 bytes)

Remove dlm.exe - Powered by Reason Core Security