vreveal_2.0.5.7748.exe

MotionDSP Inc.

The application vreveal_2.0.5.7748.exe by MotionDSP has been detected as a potentially unwanted program by 7 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from ec.ccm2.net and multiple other hosts.
Publisher:
MotionDSP Inc.  (signed and verified)

MD5:
b34ca82ab65c2d9b790cf4f038799a1f

SHA-1:
942916767664e146ace86e3c182b096cff81a415

SHA-256:
618ee06795415f71d9c825b38fef8d0f36715d483820dd245b0a8872151e6a33

Scanner detections:
7 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
12/26/2024 2:57:28 AM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Adware.Win32.OpenCandy
4.0.3.14515

Emsisoft Anti-Malware
Gen:Variant.Adware.Spacekit
8.14.05.15.11

ESET NOD32
8.9536

Fortinet FortiGate
W32/OpenCandy
5/15/2014

K7 AntiVirus
Unwanted-Program
13.176.11422

Malwarebytes
PUP.Optional.OpenCandy
v2014.05.15.11

Microsoft Security Essentials
Adware:Win32/OpenCandy
1.10302

File size:
18.6 MB (19,463,688 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\vreveal_2.0.5.7748.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
2/19/2009 7:16:19 PM

Valid to:
2/19/2011 7:16:19 PM

Subject:
CN=MotionDSP Inc., OU=www.motiondsp.com, O=MotionDSP Inc., L=San Mateo, S=CA, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
02A2E56599

File PE Metadata
Compilation timestamp:
9/9/2009 3:23:14 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
393216:n2YXzTFzhFYh96Bxv2s++zKit4psiKI9m/4OmTQPTLmFFJkN6z1O4jUdgJVs:nNvFzhW/Ov0+mtpII8/4O/nmjWN65O4s

Entry address:
0x33E9

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 70, 85, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 78, 06, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, 90, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 6C, 85, 40, 00, FF, 15, 80, 81, 40, 00, 68, 54, 85, 40, 00, 68, 80, 85, 46, 00, E8, 35, 26, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 23, 26, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)

The file vreveal_2.0.5.7748.exe has been seen being distributed by the following 5 URLs.

http://ec.ccm2.net/br.ccm.net/download/.../vReveal_2.0.5.7748_2.0.5.7748.exe

Remove vreveal_2.0.5.7748.exe - Powered by Reason Core Security