dlm299b.exe

OpenCandy recommendation downloader

OpenCandy Inc.

The application dlm299b.exe, “OpenCandy recommendation downloader p51” by OpenCandy has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.
Publisher:
OpenCandy  (signed by OpenCandy Inc.)

Product:
OpenCandy recommendation downloader

Description:
OpenCandy recommendation downloader p51

Version:
3.2.5.299

MD5:
0df18e2e6dc7cc123a393e782ff7a666

SHA-1:
e5fdd9b468642441182433c26fbf42b29e61dd1d

SHA-256:
ed12f7e4c739d974bae51dcd29d12ea0c6213941a5b923cfaede0b75bd60ef26

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
12/24/2024 2:15:07 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.OpenCandy (M)
16.3.14.2

File size:
297.5 KB (304,689 bytes)

Product version:
3.2.5.299

Copyright:
Copyright (c) 2008 - 2014 OpenCandy, Inc.

Original file name:
OpenCandyU1Dlm.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\opencandy\471756c093d042b0b48c290ebc5b581d\dlm299b.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/28/2014 1:00:00 AM

Valid to:
6/29/2015 12:59:59 AM

Subject:
CN=OpenCandy Inc., O=OpenCandy Inc., L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
79D7802797DB6E08C313832B63BDA95F

File PE Metadata
Compilation timestamp:
8/20/2014 12:34:05 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:y9WlYr5XuChddkd7RLiCAgYBNx5jS/QG7ob2LBGV2NoSvhm:y9Wl8XuCTdC71A9Nx5jcRdJNoSw

Entry address:
0xB84D0

Entry point:
60, BE, 00, C0, 47, 00, 8D, BE, 00, 50, F8, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 7C, 6E, 0B, 00, 57, 83, C3, 04, 53, 68, CB, C4, 03, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 
[+]

Code size:
248 KB (253,952 bytes)

Remove dlm299b.exe - Powered by Reason Core Security