» aiwizard_1.0.0.1.exe
Overview
Analysis
File Details

aiwizard_1.0.0.1.exe

AI Wizard

Becker Games, LLC

The application aiwizard_1.0.0.1.exe, “AI Wizard Setup ” by Becker Games has been detected as a potentially unwanted program by 6 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.

File name:

Publisher:

Becker Games, LLC (signed and verified)

Product:

AI Wizard

Description:

AI Wizard Setup

MD5:

e5b8c02c24f7a91d020a1ce2e37352d8

SHA-1:

6d6c412da838d39b59163233fc7a546d349bc54f

SHA-256:

2eda132ffc12956b44cf7383c936d6fc7789ee2032784847595ff1f9510f6dcd

Scanner detections:

6 / 68

Status:

Potentially unwanted

Explanation:

Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:

4/26/2024 3:01:06 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

PUA/OpenCandy.Gen

8.3.3.4

Dr.Web

Adware.OpenCandy.152

9.0.1.073

ESET NOD32

Win32/OpenCandy potentially unsafe

11.13289

G Data

Win32.Application.OpenCandy

17.3.25

NANO AntiVirus

Riskware.Win32.OpenCandy.dwzazk

1.0.18.7201

Reason Heuristics

PUP.OpenCandy.Installer (L)

17.3.14.15

File size:

1.7 MB (1,794,176 bytes)

Product version:

1.0.0.1

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\aiwizard_1.0.0.1.exe

Digital Signature

Signed by:

Becker Games, LLC

Authority:

COMODO CA Limited

Valid from:

4/28/2013 8:00:00 PM

Valid to:

4/29/2018 7:59:59 PM

Subject:

CN="Becker Games, LLC", OU="Becker Games, LLC", O="Becker Games, LLC", STREET=11000 Nash Rd, STREET=Chesterfield, L=Chesterfield, S=VA, PostalCode=23838, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00DB48510051DE5A489182EB9589CD38AB

File PE Metadata

Compilation timestamp:

1/30/2013 9:21:56 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

Entry address:

0x113BC

Entry point:

55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86... 
[+]

Entropy:

7.9613

Developed / compiled with:

Microsoft Visual C++

Code size:

63.5 KB (65,024 bytes)

Remove aiwizard_1.0.0.1.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.