du73a.exe

Installation helper

OpenCandy

The application du73a.exe by OpenCandy has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.
Publisher:
OpenCandy  (signed and verified)

Product:
Installation helper

Version:
4.0.0.73

MD5:
5084119b136a9ab97fa111778a1f7e73

SHA-1:
d78c7ce522c097fa1541d1e045060c8548fcfe0b

SHA-256:
3ef7b3dc330eec873c2923d1800e31a4157fd0ab601b5107ab80c64b01d8a9eb

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
12/24/2024 11:52:26 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
OpenCandy
2016.0.3233

Reason Heuristics
PUP.OpenCandy.F
15.1.10.12

File size:
156.5 KB (160,216 bytes)

Product version:
4.0.0.73

Copyright:
Copyright (c) 2008 - 2014

Original file name:
IHelper.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\rheng\a4c659ca45424ff2aab211253a9e6384\du73a.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/26/2014 1:00:00 AM

Valid to:
8/27/2015 12:59:59 AM

Subject:
CN=OpenCandy, O=OpenCandy, STREET="510 Market St #301", L=San Diego, S=CA, PostalCode=92101, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
132982A2FBDC37FCDC8D57346010BC5F

File PE Metadata
Compilation timestamp:
1/8/2015 5:39:47 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:5yOZx7Xxpk1nM7ybW/z46Sw4W5/jGOyW//prfrzIr+E3h8wjV/z:EOfYhJwz49krbJxrfYd

Entry address:
0x65480

Entry point:
60, BE, 00, 20, 44, 00, 8D, BE, 00, F0, FB, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Entropy:
7.8504

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
144 KB (147,456 bytes)

Remove du73a.exe - Powered by Reason Core Security