passwdfinderinstaller.exe

KeyFinder LTD

The application passwdfinderinstaller.exe, “PasswdFinder Setup” by KeyFinder, has been detected as a potentially unwanted program by 4 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from r2.computerbild.de and multiple other hosts.
Publisher:
PasswdFinder (signed by KeyFinder LTD)

Product:
PasswdFinder

Description:
PasswdFinder Setup

Version:
1.0.0.25

MD5:
3c798b97bf7da53a53eafae675577adb

SHA-1:
3bb1105a38afe5a81f0f86d171a19d966ca038cd

SHA-256:
8bcd0f96e7f3be3ba914cca9712ecabb1c364c89c7f34c2d7c1ef5a69dbeb1d2

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
12/27/2024 7:52:54 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| ESET NOD32 | | 7.9190 |
| Reason Heuristics | PUP.OpenCandy.Installer (L) | 16.11.28.21 |
| Trend Micro House Call | ADW_OPENCANDY | 7.2.357 |
| Trend Micro | ADW_OPENCANDY | 10.465.23 |

File size:
4.3 MB (4,546,280 bytes)

Product version:
1.0.0.25

Copyright:
Copyright © 2013 KeyFinder LTD.

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\passwdfinderinstaller.exe

Digital Signature
Signed by:

Authority:
Starfield Technologies, Inc.

Valid from:
2/25/2013 7:33:53 PM

Valid to:
4/26/2016 5:14:03 PM

Subject:
CN=KeyFinder LTD, O=KeyFinder LTD, L=Eastbourne, S="EAST SUSSEX ", C=GB

Issuer:
SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4B12EAD0A0A9F5

File PE Metadata
Compilation timestamp:
10/9/2012 10:48:22 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:szbeUhU7x6e5YxCIN4w7G4feZ1s+JYkW/uP2:sPNU7x6fNa17iLO2

Entry address:
0xF3BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 64, ED, 40, 00, E8, E8, 71, FF, FF, 33, C0, 55, 68, 89, FA, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 45, FA, 40, 00, 64, FF, 32, 64, 89, 22, A1, 48, 3B, 41, 00, E8, BE, F7, FF, FF, E8, 65, F3, FF, FF, 8D, 55, EC, 33, C0, E8, F7, C3, FF, FF, 8B, 55, EC, B8, 4C, 66, 41, 00, E8, 6A, 58, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 4C, 66, 41, 00, B2, 01...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
59 KB (60,416 bytes)

The file passwdfinderinstaller.exe has been seen being distributed by the following 6 URLs.

http://r2.computerbild.de/exec/r2r.pl?m=w-cobi;u=http://d.computerbild.de/downloads/.../PasswdFinderInstaller.exe

http://dw.uptodown.com/dwn/bg25wfBw2Oey_A0QR5BMbKRxYWUauityjFJ38FN3MzAXFlfh2AswoK7ktzapEebMX0g-2yi3WTlJ49EWtRKqp3M-s-OK7HqWqeCkUr9XK9OplCLe32EUVp3JL6FfOXfQ/P1i7dXb_KZLJxtOrjigdHmcPm8jbJzC2M9MJq25e5PHt4qb8PJjRNkosW8OZIKW54Cx_PJZjhN7Sh5L2hpgkZ9kOO0jq-1aTiWhPsJqz47spufSYWALONVttC4w-K2x_/_kJYHdj2_UZLybOhl0tfKqOk98LywL5zP9L7bcjKsJ_BDH_BGzH6KN3OSfxUlXY6borioFaiHMwHuHwFpOqdnH7ILL2r3F8hrNSF1PqUrMRwr9zCiww4FbohPbyqxr9f/.../
