dlm309c.exe

OpenCandy Inc

The application dlm309c.exe by OpenCandy Inc has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software, including ad/search-supported toolbars.
Publisher:
OpenCandy Inc  (signed and verified)

MD5:
efad635daddca878360d9f69b9d59dff

SHA-1:
14024a590eefbf40de0a886f6ca6be73595ce1d9

SHA-256:
fb47e586cb52ba9d9d9e3afcd16309f773f3c8777757c8025b74a0cc79fbeecc

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
11/26/2024 9:54:39 PM UTC

Scan engine          Detection            Engine version
Reason Heuristics    PUP.OpenCandy (M)    16.9.26.14

File size:
299.2 KB (306,392 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\opencandy\aa687b8139504a5593efcd5817865aef\dlm309c.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/28/2014 3:00:00 AM

Valid to:
6/29/2015 2:59:59 AM

Subject:
CN=OpenCandy Inc, O=OpenCandy Inc, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5247E3098A65541C2BA1CE82C2E87832

File PE Metadata
Compilation timestamp:
8/27/2014 2:34:26 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:CsrFqB1+auPEYh+fnh4UObcZWh/cDkMVTJp/k13dlcpapK7Yoh7:CAFqOCUmn2bcZS0DkMVH/k5dlcpaY7YY

Entry address:
0xBADE0

Entry point:
42, 1C, 1B, F1, 2C, 90, 66, 85, 74, 3C, 05, CB, E4, 6C, D6, 68, 1E, 3F, 4D, 3E, DE, 4C, 6C, 92, 2C, 32, 9B, 47, 33, CF, A3, 4D, A7, A0, 80, F6, A1, B4, 62, B2, 28, 8F, 3F, 03, 54, A6, 50, 9C, C3, 50, ED, 14, 07, 6C, C6, E3, FE, BF, 95, 60, E7, A5, 9C, 4F, BA, F0, EA, 57, FC, 55, 2E, 53, 90, BA, 0F, E4, 6C, FE, 2C, A3, 43, 3E, 27, 0A, E9, C0, AA, 0A, E2, B5, 67, 0E, 0C, AA, 4D, B5, C3, F7, 3F, A9, BD, 18, 53, D0, 90, C9, 90, 8F, 98, BD, 8E, 9C, A5, A0, E6, EC, 37, EB, 8E, BF, 19, CB, 12, CD, 9A, 10, 18, 6A...

Code size:
248 KB (253,952 bytes)
