» raidcall_v7.3.6.exe
Overview
Analysis
File Details
Downloads (1)

raidcall_v7.3.6.exe

Raidcall

Software Association LLC

The application raidcall_v7.3.6.exe by Software Association has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from raidcall.joydownload.ru.

File name:

raidcall_v7.3.6.exe

Publisher:

Software Association LLC (signed and verified)

Product:

Raidcall

Version:

1.0.0.0

MD5:

6d4a78c1b37b7916bb00bf769a1ebf48

SHA-1:

317f97a038b1aa4d9804331c81c92444c826397e

SHA-256:

e6efe07f583babdd53d229155c53acb0f463f437ecd509f86ded3fc079a86cbc

Scanner detections:

1 / 68

Status:

Potentially unwanted

Explanation:

Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:

11/25/2024 3:25:54 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.OpenCandy.Software.Installer (M)

16.4.5.0

File size:

418 KB (428,048 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\downloads\raidcall_v7.3.6.exe

Digital Signature

Signed by:

Software Association LLC

Authority:

DigiCert Inc

Valid from:

1/13/2015 2:00:00 AM

Valid to:

1/21/2016 2:00:00 PM

Subject:

CN=Software Association LLC, O=Software Association LLC, L=Dnepropetrovsk, S=Dnipropetrovs'ka Oblast', C=UA

Issuer:

CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

0E1FC80B1C57AD69AA6F8D65D1CF90CF

File PE Metadata

Compilation timestamp:

5/20/2013 2:53:00 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:ciuoU7yoJwXGSpDCG9t/Vx/DTUHrvlMWDt96+S0bD39:Ao4BZStb9hT7TUTlXy+5L9

Entry address:

0x331C

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 30, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, BC, 70, 40, 00, 55, FF, 15, AC, 72, 40, 00, 6A, 08, A3, 98, 92, 42, 00, E8, A8, 2E, 00, 00, A3, E4, 91, 42, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, 90, 06, 42, 00, FF, 15, 7C, 71, 40, 00, 68, 7C, 93, 40, 00, 68, E0, 81, 42, 00, E8, 13, 2B, 00, 00, FF, 15, 34, 71, 40, 00, BB, 00, 40, 43, 00, 50, 53, E8, 01, 2B, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

24 KB (24,576 bytes)

The file raidcall_v7.3.6.exe has been seen being distributed by the following URL.

http://raidcall.joydownload.ru/get_azure_file/wUiS4WnYccXEwj /TeqjC1c0kw48PjykER33ZNnVtuh152b0sCsrn8kFdE3iY/j2PHmugA0MIGjPEe tCrQ3wLBmxtSWRAaT9T28SFT8 3G gefQvNKbm2JLq4dk2hYCCCfuT3wphshq9CPwSCHIGegPmZu9JTxEYro4PV5WZ738FXB5ctzMJBomiKb2GWUvfI/gh7RpW3ux8VDOlfV RsPkJJH/.../ykG1pQ=

Remove raidcall_v7.3.6.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.