dtupgraderfull-r19767.exe

doubleTwist Corporation

The application dtupgraderfull-r19767.exe by doubleTwist has been detected as a potentially unwanted program by 11 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. It is also typically executed from the user's temporary directory.
Publisher:
doubleTwist Corporation  (signed and verified)

MD5:
af3b4874fb724b9f347272c05b3e6ff9

SHA-1:
003b77301a220f66a1c3e41e550df443ef96375f

SHA-256:
9b568412abd173d280009aa6168aaa7bedf724a2d9784fecc96d556734cc74f9

Scanner detections:
11 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
12/26/2024 1:35:40 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.OpenCandy.128
9.0.1.0310

ESET NOD32
Win32/OpenCandy potentially unsafe application
7.0.302.0

Fortinet FortiGate
Adware/OpenCandy
11/6/2015

G Data
Win32.Adware.OpenCandy
15.11.25

K7 AntiVirus
Trojan
13.204.16151

Malwarebytes
PUP.Optional.OpenCandy
v2015.11.06.09

McAfee
Artemis!AF3B4874FB72
5600.6590

Panda Antivirus
Trj/OCJ.E
15.11.06.09

Reason Heuristics
PUP.doubleTwistCorporation.V
14.7.10.2

Rising Antivirus
PE:PUF.OpenCandy!1.9DE5
23.00.65.151104

Vba32 AntiVirus
AdWare.OpenCandy
3.12.26.4

File size:
21.1 MB (22,091,216 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\dtupgraderfull-r19767.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
4/30/2014 2:00:00 AM

Valid to:
4/30/2015 1:59:59 AM

Subject:
CN=doubleTwist Corporation, O=doubleTwist Corporation, L=San Francisco, S=California, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
5083313E60A850E615C59B6E93B64109

File PE Metadata
Compilation timestamp:
2/24/2012 8:19:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
393216:8EOOakgPPsbOlGNjV6zcudCArWjRYfcNGtx0JXxcF995VA9p+IMoN5rEyP4:eObzqoV6zANjRYfMGtx0Jqp2f+6rEa

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)

Remove dtupgraderfull-r19767.exe - Powered by Reason Core Security