setup_entrustedbrowser.exe

OpenCandy

The application setup_entrustedbrowser.exe by OpenCandy has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the OpenCandy Installer installer. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.
Publisher:
OpenCandy  (signed and verified)

MD5:
cc2bd5d5a09e79cacab69dbddab97a82

SHA-1:
5fee97750cff7d447ae2cb3ca53b324e2d0b6515

SHA-256:
ff3c5d4cc0245aad2ba36a06ea637d48fe08406ab00a75c4826ca114314bed92

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/24/2024 11:14:29 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
OpenCandy
2016.0.3133

Reason Heuristics
PUP.OpenCandy.Installer
15.4.20.11

File size:
33.5 MB (35,171,168 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OpenCandy Installer (using Nullsoft Install System)

Common path:
C:\users\{user}\appdata\roaming\opencandy\7854a9fa7ec94e98a0fdabd7f903d848\setup_entrustedbrowser.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/26/2014 1:00:00 AM

Valid to:
8/27/2015 12:59:59 AM

Subject:
CN=OpenCandy, O=OpenCandy, STREET="510 Market St #301", L=San Diego, S=CA, PostalCode=92101, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
132982A2FBDC37FCDC8D57346010BC5F

File PE Metadata
Compilation timestamp:
10/7/2014 5:40:14 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
786432:EzGkv9VNg9AIMyJcS26KP41ue3ixFDKlvRWbQEtUeuL89j3y:+x606KAQe3iPDgotUeuL2zy

Entry address:
0x31FF

Entry point:
81, EC, D8, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, 34, 71, 40, 00, 55, FF, 15, AC, 72, 40, 00, 6A, 09, A3, 78, 92, 42, 00, E8, FD, 2E, 00, 00, A3, C4, 91, 42, 00, 55, 8D, 44, 24, 38, 68, B4, 02, 00, 00, 50, 55, 68, 70, 06, 42, 00, FF, 15, 7C, 71, 40, 00, 68, C0, 92, 40, 00, 68, C0, 81, 42, 00, E8, 68, 2B, 00, 00, FF, 15, 38, 71, 40, 00, BB, 00, 40, 43, 00, 50, 53, E8, 56, 2B, 00, 00...
 
[+]

Entropy:
7.9999

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Remove setup_entrustedbrowser.exe - Powered by Reason Core Security