ocsetuphlp.dll

RecEng Library

OpenCandy

The module ocsetuphlp.dll, “RecEng Library p103” by OpenCandy has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. It is also typically executed from the user's temporary directory.
Publisher:
OpenCandy, Inc.  (signed by OpenCandy)

Product:
RecEng Library

Description:
RecEng Library p103

Version:
2.0.0.300

MD5:
e7c55f2cc572478e8c07e6f7b0d65fb4

SHA-1:
b3275b1c04beb15b88018ecaef039723552a99ce

SHA-256:
6d4db7c0b5723b70c47acc4ce23b2cf9b04927aef8df0f65e70eb39eb5aa98ee

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
12/24/2024 12:56:53 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.OpenCandy.Installer (M)
16.3.13.8

File size:
825.5 KB (845,296 bytes)

Product version:
2.0.0.300

Copyright:
Copyright (c) 2008 - 2015

Original file name:
RecEngLib.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ocsetuphlp.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/26/2014 2:00:00 AM

Valid to:
8/27/2015 1:59:59 AM

Subject:
CN=OpenCandy, O=OpenCandy, STREET="510 Market St #301", L=San Diego, S=CA, PostalCode=92101, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00968F75DEF14B8896984D3B88276AFA95

File PE Metadata
Compilation timestamp:
3/24/2015 6:32:37 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:qP8WxtjwAwpJf4cjFho89P8WcLnoxCaAd+cT/6m0xm/nMjAk3:q+zwCogKooaAdLT/6Tm/MjAk3

Entry address:
0x61BCC

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, DF, B3, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 83, EC, 10, 56, 8B, 75, 08, 57, 33, FF, 89, 7D, FC, 3B, F7, 75, 1E, E8, 9F, 31, 00, 00, 6A, 16, 5E, 57, 57, 57, 57, 57, 89, 30, E8, 91, EF, FF, FF, 83, C4, 14, 8B, C6, E9, 0B, 02, 00, 00, 6A, 24, 68, FF, 00, 00, 00, 56, E8, 80, AF, FF, FF, 8B, 45, 0C, 83, C4, 0C, 3B, C7, 74, CB, 8B, 08, 8B, 40, 04, 83, F8, FF, 89, 4D, F0, 89, 45, F4, 7F, 16, 7C, 08...
 
[+]

Entropy:
6.4068

Code size:
509 KB (521,216 bytes)

Remove ocsetuphlp.dll - Powered by Reason Core Security