home

du.exe

Install helper

OpenCandy

The application du.exe by OpenCandy has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.
Publisher:
OpenCandy  (signed and verified)

Product:
Install helper

Version:
3.2.5.339

MD5:
1f93324a84b049c6a81eccaf4a514d10

SHA-1:
e59e5f5b1bdf05ecf2c28f416e876df83efa80b0

SHA-256:
93ea03dca0a03600c70d4fcc029acaa562f4416e43dbeb1be0235ec3716dec39

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
11/27/2024 1:06:19 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.OpenCandy (M)
16.11.18.7

File size:
301.5 KB (308,696 bytes)

Product version:
3.2.5.339

Copyright:
Copyright (c) 2008 - 2014

Original file name:
InstHlpr.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\opencandy\6821744f8ae44f90877d91e6b803d860\du.exe

Digital Signature
Signed by:
OpenCandy

Authority:
COMODO CA Limited

Valid from:
8/25/2014 9:00:00 PM

Valid to:
8/26/2015 8:59:59 PM

Subject:
CN=OpenCandy, O=OpenCandy, STREET="510 Market St #301", L=San Diego, S=CA, PostalCode=92101, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1A4DE208E2EAA73D520698E2D08C7D3D

File PE Metadata
Compilation timestamp:
12/15/2014 7:36:38 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:hakkP4a6tpvrOe6q9VkhC1+MGgl9KOtZjG7v3BBKJAC+U1uxV2AkLoSLhL:4kK6/vrJRehDGl9pQPKOxV2zoSd

Entry address:
0xBA0B0

Entry point:
60, BE, 00, D0, 47, 00, 8D, BE, 00, 40, F8, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, D8, 8F, 0B, 00, 57, 83, C3, 04, 53, 68, A3, D0, 03, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 
[+]

Code size:
248 KB (253,952 bytes)

Remove du.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.