du73b.exe

Installation helper

OpenCandy

The application du73b.exe by OpenCandy has been detected as a potentially unwanted program by 5 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. It uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.
Publisher:
OpenCandy  (signed and verified)

Product:
Installation helper

Version:
4.0.0.73

MD5:
68e4331d4afca9802bd1d2251ae67b6f

SHA-1:
357ae5477a878519a1d19ee5cb5c3922718ac7f6

SHA-256:
6554f9c24f568257351ee23fcd1d01f9307d0a9bc8d94108d9cf5a8230f00af6

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
12/24/2024 12:52:59 PM UTC  (today)

Scan engine
Detection
Engine version

AVG
OpenCandy
2016.0.3224

Dr.Web
Adware.OpenCandy.71
9.0.1.020

McAfee
Artemis!68E4331D4AFC
5600.6880

Reason Heuristics
PUP.OpenCandy
15.1.20.6

Trend Micro House Call
Suspicious_GEN.F47V0113
7.2.20

File size:
156.5 KB (160,216 bytes)

Product version:
4.0.0.73

Copyright:
Copyright (c) 2008 - 2014

Original file name:
IHelper.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\rheng\31e2add4de714d849a57ebb08ac9d11a\du73b.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/26/2014 3:00:00 AM

Valid to:
8/27/2015 2:59:59 AM

Subject:
CN=OpenCandy, O=OpenCandy, STREET="510 Market St #301", L=San Diego, S=CA, PostalCode=92101, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00968F75DEF14B8896984D3B88276AFA95

File PE Metadata
Compilation timestamp:
1/8/2015 7:40:36 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:ZyOZx7Xxpk1nM7ybW/z46Sw4W5/jGOyW//prfrzI4+E3h8EoV98:kOfYhJwz49krbJxrfAA

Entry address:
0x65480

Entry point:
60, BE, 00, 20, 44, 00, 8D, BE, 00, F0, FB, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Entropy:
7.8503

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
144 KB (147,456 bytes)

Remove du73b.exe - Powered by Reason Core Security