RecHelper.dll

Rec Helper

OpenCandy

The file RecHelper.dll by OpenCandy has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software, including ad/search-supported toolbars. It is also typically executed from the user's temporary directory.
Publisher:
OpenCandy, Inc.  (signed by OpenCandy)

Product:
Rec Helper

Description:
Rec Helper p104

Version:
2.0.0.279

MD5:
88a7426dbef8f88e4c98fc930a57f69e

SHA-1:
2a9f25dc59467c423b6a169b8ba483b5f1e2a29c

SHA-256:
841abc6ca84e7a56fea83316dbf2e72bf627d22340dde2d79b793e98a8baf4a5

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
12/24/2024 12:27:24 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.OpenCandy (M)

Engine version:
16.6.20.1

File size:
834.5 KB (854,512 bytes)

Product version:
2.0.0.279

Copyright:
Copyright (c) 2008 - 2015

Original file name:
RecHelper.dll

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ocp459e.tmp

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/26/2014 3:00:00 AM

Valid to:
8/27/2015 2:59:59 AM

Subject:
CN=OpenCandy, O=OpenCandy, STREET="510 Market St #301", L=San Diego, S=CA, PostalCode=92101, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D8969D7474F2E05D880A6058A425B9A3

File PE Metadata
Compilation timestamp:
2/25/2015 2:08:01 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:ukJwxU5mVsaPCSWl0Apgt49cEFa0TZMv5hbzs:sUIP+GApOHQa0TZWhbzs

Entry address:
0x6329C

Entry point:
92, C9, B2, 7A, 4B, 05, 9F, A0, 9B, 1D, EB, F9, 34, FD, 50, E6, FA, 59, 49, 20, 99, 8B, 77, 7B, 25, D3, BC, 39, 93, D0, DA, CE, EF, A3, EA, 47, B1, 3F, 5A, 23, 3A, D1, 5A, 86, 74, BD, 16, 87, 35, 6A, EF, AB, C7, FA, EF, 26, B8, A0, 42, 75, 5A, B7, C7, 49, E8, 4D, DF, D5, BC, B7, 71, 74, 3A, 84, 31, D5, 2B, 7B, DC, 9A, 13, 52, 64, 3F, 73, FC, A0, 8C, 62, AD, 5B, F5, 68, 82, FF, FA, 3B, FB, 68, CD, 27, AD, 4D, 4F, 80, 21, 18, 0F, 37, EC, 6F, 3C, EB, 21, 54, 2E, 03, 43, 00, 16, 79, 27, 6F, 6B, 0B, B7, 66, 8F...
 

Entropy:
6.9166

Code size:
515.5 KB (527,872 bytes)
