du77i.exe

Installation helper

OpenCandy

The application du77i.exe by OpenCandy has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.
Publisher:
OpenCandy  (signed and verified)

Product:
Installation helper

Version:
4.0.0.77

MD5:
2ca6ead91ccbfd20f90d6c579bc086cd

SHA-1:
f97685ce7df3e050e2f7cf10b77982295b2be72b

SHA-256:
1d235c05e1178698762a85728ea17e67cfd9c80cf8d63dc889739f75d190a2f2

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
12/23/2024 10:13:18 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.OpenCandy (M)
16.12.5.23

File size:
158.5 KB (162,288 bytes)

Product version:
4.0.0.77

Copyright:
Copyright (c) 2008 - 2014

Original file name:
IHelper.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\opencandy\opencandy_013f3e7d1a6a4e6caa5fe6470efe5071\du77i.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/26/2014 5:00:00 AM

Valid to:
8/27/2015 4:59:59 AM

Subject:
CN=OpenCandy, O=OpenCandy, STREET="510 Market St #301", L=San Diego, S=CA, PostalCode=92101, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E3AA1B1FF2195D3F5E635CB4DDD31632

File PE Metadata
Compilation timestamp:
1/28/2015 10:52:32 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:0mEcxfm4rJwTID2icrqRA4hbN/kgww8wbFQT2IR6IvsUQJR6IvsUQ2:0hcxfmPs2rrybNXwkb+2uWLW2

Entry address:
0x66A90

Entry point:
60, BE, 00, 30, 44, 00, 8D, BE, 00, E0, FB, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Entropy:
7.7177

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
144 KB (147,456 bytes)

Remove du77i.exe - Powered by Reason Core Security