dlm298b.exe

OpenCandy recommendation downloader

OpenCandy Inc.

The application dlm298b.exe, “OpenCandy recommendation downloader p51” by OpenCandy, has been detected as a potentially unwanted program by 47 anti-malware scanners. It uses the OpenCandy monetization platform, which downloads and installs offers during setup for potentially unwanted software, including ad- and search-supported toolbars.

Publisher:
OpenCandy (signed by OpenCandy Inc.)

Product:
OpenCandy recommendation downloader

Description:
OpenCandy recommendation downloader p51

Version:
3.2.5.298

MD5:
1f1a3379c2d537de505a1d7aff23314c

SHA-1:
edae587b0153629bd344042bb1d40ab19e6561cb

SHA-256:
f3a32dda3fa1a6bd625bf1367c996ebb6b85329a32bdafb7cd4e7544565f69c1

Scanner detections:
47 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
12/24/2024 1:48:15 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Win32.Sality.3 | 885
Agnitum Outpost | Win32.Sality.FA.Gen | 7.1.1
AhnLab V3 Security | Win32/Kashu.E | 2014.08.29
Avira AntiVirus | W32/Sality.AT | 7.11.30.172
avast! | Win32:Sality | 2014.9-140903
AVG | Win32/Sality | 2015.0.3363
Baidu Antivirus | Adware.Win32.OpenCandy | 4.0.3.14812
Bitdefender | Win32.Sality.3 | 1.0.20.1230
Bkav FE | W32.Sality.PE | 1.3.0.4959
Comodo Security | Packed.Win32.MUPX.Gen | 19344
Dr.Web | Adware.OpenCandy.15 | 9.0.1.0224
Emsisoft Anti-Malware | Win32.Sality | 8.14.09.03.12
ESET NOD32 | Win32/OpenCandy (variant) | 8.10237
Fortinet FortiGate | Riskware/OpenCandy | 8/12/2014
F-Prot | W32/Sality.gen2 | v6.4.6.5.141
F-Secure | Win32.Sality.3 | 11.2014-03-09_4
G Data | Win32.Application.OpenCandy | 14.8.24
K7 AntiVirus | Virus | 13.183.13198
Kaspersky | Virus.Win32.Sality | 14.0.0.3310
Malwarebytes | PUP.Optional.OpenCandy.A | v2014.08.12.12
McAfee | W32/Sality.gen.z | 5600.7019
Microsoft Security Essentials | Threat.Undefined | 1.183.771.0
MicroWorld eScan | Win32.Sality.3 | 15.0.0.738
NANO AntiVirus | Virus.Win32.Sality.bzkem | 0.28.2.61861
Norman | Sality.ZHB | 11.20140903
nProtect | Win32.Sality.3 | 14.08.28.01
Panda Antivirus | W32/Sality.AA | 14.09.03.12
Qihoo 360 Security | Malware.QVM19.Gen | 1.0.0.1015
Quick Heal | W32.Sality.U | 9.14.14.00
Reason Heuristics | PUP.OpenCandy.H | 14.8.12.0
Rising Antivirus | PE:Win32.KUKU.GEN!1463551 | 23.00.65.14901
Sophos | Mal/Sality-D | 4.98
Total Defense | Win32/Sality.AA | 37.0.11148
Trend Micro House Call | Suspicious_GEN.F47V0809 | 7.2.224
Trend Micro | PE_SALITY.ER | 10.465.03
Vba32 AntiVirus | Virus.Win32.Sality.bakb | 3.12.26.3
VIPRE Antivirus | Opencandy | 32120
ViRobot | Win32.Sality.N | 2011.4.7.4223

File size:
297.2 KB (304,344 bytes)

Product version:
3.2.5.298

Copyright:
Copyright (c) 2008 - 2014 OpenCandy, Inc.

Original file name:
OpenCandyU1Dlm.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\opencandy\b5f0d48618ea434ea844c3544d7f3afc\dlm298b.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/27/2014 5:00:00 PM

Valid to:
6/28/2015 4:59:59 PM

Subject:
CN=OpenCandy Inc., O=OpenCandy Inc., L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
79D7802797DB6E08C313832B63BDA95F

File PE Metadata
Compilation timestamp:
8/7/2014 4:03:26 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:X9WlYr5XuChddkd7RLiCAgYBNx5jS/QG7ob2LBGV2coSkhV:X9Wl8XuCTdC71A9Nx5jcRdJcoSm

Entry address:
0xB84D0

Entry point:
60, BE, 00, C0, 47, 00, 8D, BE, 00, 50, F8, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 7C, 6E, 0B, 00, 57, 83, C3, 04, 53, 68, CA, C4, 03, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...

Entropy:
7.8380  (probably packed)

Code size:
248 KB (253,952 bytes)

Remove dlm298b.exe - Powered by Reason Core Security