dlm299b.exe

OpenCandy recommendation downloader

OpenCandy Inc.

The application dlm299b.exe, “OpenCandy recommendation downloader p51” by OpenCandy has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.
Publisher:
OpenCandy  (signed by OpenCandy Inc.)

Product:
OpenCandy recommendation downloader

Description:
OpenCandy recommendation downloader p51

Version:
3.2.5.299

MD5:
fb7f76cf356a0ae114acd7d9e9642016

SHA-1:
2244b63c24bfc8e15f20e3042096833d3a41043a

SHA-256:
37d3ca69362493dfec7083c9ea6ae1f378b29573e7c41032378c4b1dd3d5d929

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
12/24/2024 1:55:57 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.OpenCandy (M)
16.9.30.18

File size:
297.5 KB (304,689 bytes)

Product version:
3.2.5.299

Copyright:
Copyright (c) 2008 - 2014 OpenCandy, Inc.

Original file name:
OpenCandyU1Dlm.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\opencandy\4ce12d4b2e3a4abfa749b2163f986acd\dlm299b.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/27/2014 5:00:00 PM

Valid to:
6/28/2015 4:59:59 PM

Subject:
CN=OpenCandy Inc., O=OpenCandy Inc., L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
79D7802797DB6E08C313832B63BDA95F

File PE Metadata
Compilation timestamp:
8/19/2014 4:34:05 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:y9WlYr5XuChddkd7RLiCAgYBNx5jS/QG7ob2LBGV2NoSvhV:y9Wl8XuCTdC71A9Nx5jcRdJNoSb

Entry address:
0xB84D0

Entry point:
60, BE, 00, C0, 47, 00, 8D, BE, 00, 50, F8, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 7C, 6E, 0B, 00, 57, 83, C3, 04, 53, 68, CB, C4, 03, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 
[+]

Entropy:
7.8383  (probably packed)

Code size:
248 KB (253,952 bytes)

Remove dlm299b.exe - Powered by Reason Core Security