du90c.exe

Installation helper

OpenCandy Inc

The application du90c.exe by OpenCandy Inc has been detected as a potentially unwanted program by 5 anti-malware scanners. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software. It uses the OpenCandy monetization platform, which downloads and installs offers for potentially unwanted software, including ad/search-supported toolbars, during setup.
Publisher:
OpenCandy (signed by OpenCandy Inc)

Product:
Installation helper

Version:
4.0.0.90

MD5:
9ff728357c04c77b32e19c88c7cf9539

SHA-1:
1d3b733c535c8c2444cc25a16953e65131ae623d

SHA-256:
b494d8ccc09656cb1bf8853b503c9476625a06182f4a90ff9c66d8f26e5740c1

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
12/25/2024 1:57:04 AM UTC

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.OpenCandy
2015.03.11

Dr.Web
Adware.OpenCandy.73
9.0.1.071

herdProtect (fuzzy)
2015.6.19.7

Reason Heuristics
PUP.OpenCandy
15.3.12.22

Trend Micro House Call
Suspicious_GEN.F47V0311
7.2.71

File size:
157.2 KB (161,016 bytes)

Product version:
4.0.0.90

Copyright:
Copyright (c) 2008 - 2015

Original file name:
IHelper.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\rheng\50437b62b50349198d32e34e0a7438df\du90c.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/28/2014 3:00:00 AM

Valid to:
6/29/2015 1:59:59 AM

Subject:
CN=OpenCandy Inc, O=OpenCandy Inc, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5247E3098A65541C2BA1CE82C2E87832

File PE Metadata
Compilation timestamp:
3/9/2015 7:06:19 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:XmNoKpwcxfm4rrwTID2icrqRA4hbN/kgww8wvFQT2IROKfMa:X6r2cxfm1s2rrybNXwkv+2oB

Entry address:
0x66A90

Entry point:
60, BE, 00, 30, 44, 00, 8D, BE, 00, E0, FB, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...

Entropy:
7.8426

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
144 KB (147,456 bytes)
