» little alarm clock-[gtd].exe
Overview
Analysis
File Details

little alarm clock-[gtd].exe

Little Alarm Clock

Nicholas Hamnett

The application little alarm clock-[gtd].exe, “Open source alarm clock” by Nicholas Hamnett has been detected as a potentially unwanted program by 11 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.

File name:

Publisher:

Little Apps (signed by Nicholas Hamnett)

Product:

Little Alarm Clock

Description:

Open source alarm clock

Version:

0.4.0

MD5:

4e482681f17267f7ac23dfa0a27b8e91

SHA-1:

3fb8abf7178d32d9f17c790a5bdd0d8630b6ecc5

SHA-256:

4e0a6c878acfb92d7b16f3510e1193757e783dc1aba8649abb4810ca78cbf474

Scanner detections:

11 / 68

Status:

Potentially unwanted

Explanation:

Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:

11/24/2024 5:25:23 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Riskware.Agent

7.1.1

AVG

OpenCandy

2016.0.3086

Dr.Web

Adware.OpenCandy.116

9.0.1.0158

ESET NOD32

Win32/OpenCandy.C potentially unsafe (variant)

9.11675

G Data

Win32.Adware.OpenCandy

15.6.25

IKARUS anti.virus

AdWare.Win32.OpenCandy

t3scan.1.8.9.0

K7 AntiVirus

Trojan

13.204.16012

Malwarebytes

PUP.Optional.OpenCandy

v2015.06.07.09

McAfee

Artemis!4E482681F172

5600.6742

Reason Heuristics

Win32.Generic.Installer.Meta

15.6.7.5

VIPRE Antivirus

Opencandy

40506

File size:

1.5 MB (1,562,432 bytes)

Trademarks:

Little Apps are licensed under the GNU General Public License v3

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\data\little alarm clock-[gtd].exe

Digital Signature

Signed by:

Nicholas Hamnett

Authority:

StartCom Ltd.

Valid from:

4/11/2014 2:07:27 AM

Valid to:

4/10/2016 6:06:36 AM

Subject:

E=nick@little-apps.org, CN=Nicholas Hamnett, L=Calgary, S=Alberta, C=CA, Description=9k6ekwkCO7QG1GnN

Issuer:

CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:

0E0C

File PE Metadata

Compilation timestamp:

4/10/2010 8:19:31 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

24576:CmJVFCEFVZ0jf5NyBssZoAdBw7bjO5d6EksFaONveznpjk:CiFVWyBlZoyBw7bjOWEgkvYpjk

Entry address:

0x354B

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 84, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 98, 06, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 86, 40, 00, FF, 15, 80, 81, 40, 00, 68, 04, 86, 40, 00, 68, A0, 85, 46, 00, E8, 35, 26, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 23, 26, 00, 00... 
[+]

Entropy:

7.9897

Packer / compiler:

Nullsoft install system v2.x

Code size:

25 KB (25,600 bytes)

Remove little alarm clock-[gtd].exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.