home

du106m.exe

Installation helper

OpenCandy Inc.

The application du106m.exe by OpenCandy has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. It uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.
Publisher:
OpenCandy  (signed by OpenCandy Inc.)

Product:
Installation helper

Version:
4.0.0.106

MD5:
14cec3b153f8def81c2f74456b9e925c

SHA-1:
1a781770d3c39d634f4fa42107b8f2459a9e4c30

SHA-256:
078b8dac9d2b852f7ba2f80714284913c04ad3dd57816b904e742844c597ab88

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
11/23/2024 4:22:38 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.OpenCandy (M)
16.9.17.19

File size:
194 KB (198,656 bytes)

Product version:
4.0.0.106

Copyright:
Copyright (c) 2008 - 2015

Original file name:
IHelper.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\rheng\51ceda1d7b7f4b36ab2cfb6f7d27e602\du106m.exe

Digital Signature
Signed by:
OpenCandy Inc.

Authority:
COMODO CA Limited

Valid from:
10/13/2014 7:00:00 AM

Valid to:
10/14/2015 6:59:59 AM

Subject:
CN=OpenCandy Inc., O=OpenCandy Inc., STREET="510 Market St #301", L=San Diego, S=CA, PostalCode=92101, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00BB7B40B95093A55585D1C267C0D46EE3

File PE Metadata
Compilation timestamp:
3/26/2015 12:28:15 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:EX3mlPymAdzggSWnAXl8RsyfOJXUdEPsMSgi93Cuj9ClLwOM:c2ljAdWWAXy3GJXUdonSBd56LA

Entry address:
0x714D0

Entry point:
60, BE, 00, D0, 44, 00, 8D, BE, 00, 40, FB, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Entropy:
7.5739

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
148 KB (151,552 bytes)

Remove du106m.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.