silverlight_x64.exe

Microsoft Silverlight

RICH MEDIA SYSTEMS INC.

The application silverlight_x64.exe by RICH MEDIA SYSTEMS INC has been detected as a potentially unwanted program by 23 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software, including ad/search-supported toolbars. The file has been seen being downloaded from microsoft-silverlight.it.1800download.com and multiple other hosts.
Publisher:
RICH MEDIA SYSTEMS INC.  (signed and verified)

Product:
Microsoft Silverlight

Version:
1.0.0.0

MD5:
c621b28c4391d8c2b1eea61201ae732e

SHA-1:
8d022f49b7ae3bd0e1564cf41e2250d9389b2501

SHA-256:
ced22dd4b0774f6a4b7791873eeb9c763e7ac4b3754f118ee546624ad7b65701

Scanner detections:
23 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
1/13/2025 7:34:38 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Trojan.Heur.zu3@xOh9CYpi | 5637198 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.OpenCandy | 2015.04.16 |
| AVG | OpenCandy | 2016.0.3137 |
| Baidu Antivirus | Adware.Win32.OpenCandy | 4.0.3.15416 |
| Bitdefender | Gen:Trojan.Heur.zu3@xOh9CYpi | 1.0.20.530 |
| Clam AntiVirus | Win.Trojan.Agent-855157 | 0.98/21511 |
| Dr.Web | Adware.Downware.10304 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Trojan.Heur.zu3@xOh9CYpi | 9.0.0.4799 |
| ESET NOD32 | Win32/OpenCandy.C potentially unsafe application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/OpenCandy | 4/16/2015 |
| F-Secure | Gen:Trojan.Heur.zu3@xOh9CYpi | 5.13.68 |
| G Data | Gen:Trojan.Heur.zu3@xOh9CYpi | 15.4.25 |
| K7 AntiVirus | Trojan | 13.202.15610 |
| Malwarebytes | PUP.Optional.OpenCandy | v2015.04.16.02 |
| McAfee | Trojan.Artemis!C621B28C4391 | 16.8.708.2 |
| MicroWorld eScan | Gen:Trojan.Heur.zu3@xOh9CYpi | 16.0.0.318 |
| Norman | Gen:Trojan.Heur.zu3@xOh9CYpi | 03.12.2014 13:20:04 |
| Panda Antivirus | PUP/OpenCandy | 15.04.16.02 |
| Reason Heuristics | PUP.Installer.RICHMEDIASYSTEMS | 15.5.8.23 |
| Sophos | PUA 'OpenCandy' | 5.12 |
| Trend Micro House Call | Suspicious_GEN.F47V0415 | 7.2.106 |
| VIPRE Antivirus | Threat.4847482 | 38882 |

File size:
415.6 KB (425,616 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\programs\silverlight_x64.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
2/17/2015 3:00:00 AM

Valid to:
2/18/2016 2:59:59 AM

Subject:
CN=RICH MEDIA SYSTEMS INC., O=RICH MEDIA SYSTEMS INC., L=HENDERSON, S=Nevada, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
3F87144C25AF8BCF29F29C5A1FEEF4BA

File PE Metadata
Compilation timestamp:
5/20/2013 2:53:00 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:3iu5c48+O9lj1yKg4GqgIaOUWz7sV7ntO+Pihr1pk:p5e+OlyjOaNWfsNArhU

Entry address:
0x331C

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 30, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, BC, 70, 40, 00, 55, FF, 15, AC, 72, 40, 00, 6A, 08, A3, 98, 92, 42, 00, E8, A8, 2E, 00, 00, A3, E4, 91, 42, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, 90, 06, 42, 00, FF, 15, 7C, 71, 40, 00, 68, 7C, 93, 40, 00, 68, E0, 81, 42, 00, E8, 13, 2B, 00, 00, FF, 15, 34, 71, 40, 00, BB, 00, 40, 43, 00, 50, 53, E8, 01, 2B, 00, 00...
 

Entropy:
7.8545

Packer / compiler:
Nullsoft install system v2.x

Code size:
24 KB (24,576 bytes)

The file silverlight_x64.exe has been seen being distributed by the following 5 URLs.

http://microsoft-silverlight.it.1800download.com/get_azure_file/wUiS4WnYccXBwj pXP7oQlssmV89fDKlEgqtI87Y9ukx53e5 zYmlJxNP0ykYr/2LSXlnAFKOSCGGuCtCvZun/81hprEUFTVkGf CFii8C6tgLbbqNPKxzwX9cBykV4BXnWtGDx1k9EivSH5UHHAGehOw4TrNT0Va7ogJFsFNaXlAzI/IYybNBB7hqDgEC8ne4f62eU TWO7slDdyKYvRM7sOYfsM2NXnMu/HOM2wkRGr9e 0g68c ksy2rzQZMEuZ//UXKquZKaiGp5M6RIBo47M20hsuelGhpzhVW61ddWV2jzDU75opD2xh0ufXjHsnhUhI3BOzGiQUvPjP53bRD7mA==

http://microsoft-silverlight.pl.1800download.com/get_azure_file/wUiS4WnYccXEwj 8WvauHEA0kxQ8PDK1Ghj1cteQv I253eq ysyl4pHaAW7erC/NXG9ykYFazDORKr4TvEqgOA8gpPfW1XGp2vqBwX9vnGt3r2R95uNg2gSq5Q0gVxCXH kCjx 18kq9Dm5AzeLS VWyc/qdD0FYqt2awoEcKX2XGh asWNLBgonue9RjQuO4/.../83DGy4tVrdl7xmBpivL4G8ZDJW2MuvWrB6y0JSrpr2zlL8ZLgjznDzEcQe5MaySWuq6s3Wz258PuEbAet1P3s95aryDxEihBW6xYQdRz7qRQfxqYjnxB0ufXjHsnhUhI3BOzGiQUvPjP53bRD7mA==
