zoipercommunicatorfreelatest.exe

SECURAX

The application zoipercommunicatorfreelatest.exe by SECURAX has been detected as a potentially unwanted program by 8 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software, including ad/search-supported toolbars.
Publisher:
SECURAX  (signed and verified)

MD5:
993638f10c51b7729ab931619000be72

SHA-1:
30197f945c80a214f97babdf09e8c612bf1e5368

SHA-256:
711b4e9ca7083a327cc8e865ed8380caf711d5fab513152a759e4d18fa2d49ac

Scanner detections:
8 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
11/25/2024 10:53:16 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| ESET NOD32 | Win32/OpenCandy potentially unsafe | 10.12434 |
| Fortinet FortiGate | W32/Adware_fam.NB | 4/14/2016 |
| G Data | Win32.Adware.OpenCandy | 16.4.25 |
| Malwarebytes | PUP.Optional.OpenCandy | v2016.04.14.09 |
| McAfee | Artemis!993638F10C51 | 5600.6430 |
| Reason Heuristics | PUP.OpenCandy.Installer (L) | 16.4.14.9 |
| Sophos | OpenCandy (PUA) | 4.98 |
| VIPRE Antivirus | Trojan.Win32.Generic | 44676 |

File size:
5.1 MB (5,379,368 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\zoipercommunicatorfreelatest.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
11/9/2010 5:00:00 PM

Valid to:
11/27/2011 4:59:59 PM

Subject:
CN=SECURAX, O=SECURAX, L=Sofia, S=Sofia, C=BG

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6C43DDFE28854BC1C0B572BEECAEBD62

File PE Metadata
Compilation timestamp:
1/28/2009 12:42:44 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:KBNjSoyJnzjCeAJsUTS4GNJzoiOhe2lEKySjtc76+2/DlV+BnrZ:KBNjG13CfOjNxo1EKXQ6+2/Dv+19

Entry address:
0x3542

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 84, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 98, 06, 47, 00, E8, 64, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 86, 40, 00, FF, 15, 80, 81, 40, 00, 68, 04, 86, 40, 00, 68, A0, 85, 46, 00, E8, 32, 26, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 20, 26, 00, 00...
 

Entropy:
7.9986

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)
