home

nero-lite-10.0.10600.exe

Nero BurnLite

Software Association LLC

The application nero-lite-10.0.10600.exe by Software Association has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from nero-burn-lite.joydownload.pl.
Publisher:
Software Association LLC  (signed and verified)

Product:
Nero BurnLite

Version:
1.0.0.0

MD5:
ccef56ee4d8911f0ce7742b0d126382c

SHA-1:
ef579aefe8216bae8432bcfe44d896a77f011753

SHA-256:
56280ba8f1d1a49acbe311fc9a9cbc0520c6cd3432d4cb199da0ef1d0f6e0081

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
11/25/2024 10:26:29 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.OpenCandy.Software.Installer (M)
16.4.30.23

File size:
418.2 KB (428,256 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\nero-lite-10.0.10600.exe

Digital Signature
Signed by:
Software Association LLC

Authority:
DigiCert Inc

Valid from:
1/13/2015 1:00:00 AM

Valid to:
1/21/2016 1:00:00 PM

Subject:
CN=Software Association LLC, O=Software Association LLC, L=Dnepropetrovsk, S=Dnipropetrovs'ka Oblast', C=UA

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0E1FC80B1C57AD69AA6F8D65D1CF90CF

File PE Metadata
Compilation timestamp:
5/20/2013 1:53:00 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:iiucV6erqf3M59YQFwlXUFXIFa4iwRQxP+09Y6UMM/hBkn1riRlSidb+d/KyE:iiuCqfP/B44dymkIM5MbsKyE

Entry address:
0x331C

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 30, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, BC, 70, 40, 00, 55, FF, 15, AC, 72, 40, 00, 6A, 08, A3, 98, 92, 42, 00, E8, A8, 2E, 00, 00, A3, E4, 91, 42, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, 90, 06, 42, 00, FF, 15, 7C, 71, 40, 00, 68, 7C, 93, 40, 00, 68, E0, 81, 42, 00, E8, 13, 2B, 00, 00, FF, 15, 34, 71, 40, 00, BB, 00, 40, 43, 00, 50, 53, E8, 01, 2B, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
24 KB (24,576 bytes)

The file nero-lite-10.0.10600.exe has been seen being distributed by the following URL.

http://nero-burn-lite.joydownload.pl/get_azure_file/wUiS4WnYccXAwj uQbjxCggnkkU3LTPkEhnyas6H7KB2sTS35you2dBNJ0bjYqmiajHj3QYdcD2RR7DjTac8gLNjztTEXliD9GzyDkzlu3qtgLbbrdPK1zofs55ziVZIRnelDCx 18kv9DmvEiPAAulOw57rNjMDa7szKBsMNqS0XH51apiXek4wh LuECIvatunk7IoUjD 50fOnOFsGpO9dsKucSQUitO2XuMmlQ9Krpr2zlL/.../Mz4SXrjodLJzj4rPrxCRI9 M3wpoqL SQhqzRyz3c9FESrzDU75pZD2kVB5aieGqmFX19vZInqvV0qQ

Remove nero-lite-10.0.10600.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.