home

1. lcpd first response 1.1 installer.exe

LCPD First Response

G17 Media

The application 1. lcpd first response 1.1 installer.exe, “LCPD First Response Installer” has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.
Publisher:
G17 Media

Product:
LCPD First Response

Description:
LCPD First Response Installer

Version:
1.0.0.0b

MD5:
dd15a0a31cb1fc2212092cba519f8b17

SHA-1:
da2070c1ff07372053b6e2b9eebe1733a92d1718

SHA-256:
86bb3c2e5bf74ec93db4aa4debcecb0009ab6997de80efcfa68b0b17f3f58813

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/19/2024 8:28:31 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/OpenCandy.A potentially unsafe application
8.0.319.0

Kaspersky
not-a-virus:AdWare.Win32.OpenCandy
15.0.0.562

McAfee
Trojan.Artemis!85894D4CB230
18.0.204.0

Reason Heuristics
PUP.OpenCandy.Installer (L)
16.4.1.9

File size:
2.4 MB (2,502,143 bytes)

Product version:
1.0.0.0b

Copyright:
? G17 Media

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\1. lcpd first response 1.1 installer.exe

File PE Metadata
Compilation timestamp:
12/25/2013 12:01:35 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:pwT8hubsBqVwyrkm2J/bC+mGnq8ZsefefJqOoLFv5+LM7zqM/fJm9k1iwc:64hisAVpgJzz3BKoXuM7zlfA+1iwc

Entry address:
0x3219

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 08, A3, 98, 37, 42, 00, E8, AD, 2D, 00, 00, A3, E4, 36, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, A0, EC, 41, 00, FF, 15, 64, 71, 40, 00, 68, E4, 91, 40, 00, 68, E0, 2E, 42, 00, E8, 57, 2A, 00, 00, FF, 15, B0, 70, 40, 00, BD, 00, 90, 42, 00, 50, 55, E8, 45, 2A...
 
[+]

Entropy:
7.9932

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file 1. lcpd first response 1.1 installer.exe has been seen being distributed by the following URL.

http://www.lcpdfr.com/files/file/.../?do=download&r=121318&confirm=1&t=1&csrfKey=94ffbb2e3b629b5127a007b67300cf10

Remove 1. lcpd first response 1.1 installer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.