home

audacity-2.0.5.exe

Audacity

Innovative Systems LLC

The application audacity-2.0.5.exe by Innovative Systems has been detected as adware by 21 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from audacity.ar.joydownload.co and multiple other hosts.
Publisher:
Innovative Systems LLC  (signed and verified)

Product:
Audacity

Version:
1.0.0.0

MD5:
4e6a563de970d2b8cda4e32dbbffc11e

SHA-1:
646fcb9e29452cbefdb38c9a057c0a6d633161e3

SHA-256:
d9641c4682ae5bd45affc55a76b5ff937e002e6fbefba4ec8297cd93d28a9484

Scanner detections:
21 / 68

Status:
Adware

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
5/6/2024 11:36:47 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

Avira AntiVirus
APPL/Downloader.Gen
7.11.171.158

avast!
Win32:Malware-gen
2014.9-150514

AVG
Generic
2016.0.3109

Baidu Antivirus
Adware.Win32.OpenCandy
4.0.3.15514

Clam AntiVirus
Win.Trojan.Opencandy
0.98/21411

Comodo Security
ApplicUnwnt
18952

Dr.Web
Adware.Downware.6712
9.0.1.0134

ESET NOD32
Win32/JoyDownloader
9.10200

G Data
Win32.Trojan.Agent.DQLI8Z
15.5.24

IKARUS anti.virus
PUA.JoyDownloader
t3scan.1.6.1.0

K7 AntiVirus
Adware
13.183.13333

Malwarebytes
PUP.Optional.OpenCandy
v2015.05.14.11

McAfee
Artemis!4E6A563DE970
5600.6765

NANO AntiVirus
Riskware.Win32.Downware.dejknq
0.28.6.64267

Reason Heuristics
Threat.Installer.InnovativeSystems
15.5.14.19

Rising Antivirus
PE:PUF.OpenCandy!1.9DE5
23.00.65.15512

Sophos
Generic PUA GE
4.98

Trend Micro House Call
Suspicious_GEN.F47V0728
7.2.134

Trend Micro
ADW_JOYLOAD
10.465.14

VIPRE Antivirus
Opencandy
31910

File size:
489.8 KB (501,528 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\audacity-2.0.5.exe

Digital Signature
Signed by:
Innovative Systems LLC

Authority:
VeriSign, Inc.

Valid from:
5/18/2014 8:00:00 PM

Valid to:
5/19/2015 7:59:59 PM

Subject:
CN=Innovative Systems LLC, O=Innovative Systems LLC, L=Dnepropetrovsk, S=Dnepropetrovska oblast, C=UA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
450EACFE8D673E82864CE46BC1A92FCA

File PE Metadata
Compilation timestamp:
5/19/2013 7:53:11 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:8Kc34hwIjf3rUAHdhrRabntrFB8ihD78YRnFlla1EuwQ:8zIrl9h1abnrBj/nFXiEuwQ

Entry address:
0x333E

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 30, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, BC, 80, 40, 00, 55, FF, 15, AC, 82, 40, 00, 6A, 08, A3, 78, 4F, 43, 00, E8, A8, 2E, 00, 00, A3, C4, 4E, 43, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, F0, B1, 42, 00, FF, 15, 7C, 81, 40, 00, 68, 7C, A3, 40, 00, 68, C0, 3E, 43, 00, E8, 13, 2B, 00, 00, FF, 15, 34, 81, 40, 00, BB, 00, F0, 43, 00, 50, 53, E8, 01, 2B, 00, 00...
 
[+]

Entropy:
7.8397

Packer / compiler:
Nullsoft install system v2.x

Code size:
24.5 KB (25,088 bytes)

The file audacity-2.0.5.exe has been seen being distributed by the following 2 URLs.

http://audacity.ar.joydownload.co/get_file/wUia6yjQOM7Cwj XOm6FVNv3RVqLTPkEhD4co2W4bJltCG3sGMxwdgEPwe PKn3fHm/ykZaMmeeEKqtHL8lleA8kdSWRAaQ9yXqXQOj6Sjmz7zMrMfYj2ZV9N1lkV4BXnCtGGgqyJd8vDnxGWmbSq5UzNXqdD0FYqt2awoEcKX2XGh asWNLBgonue9RjQuO4/.../83Dm2ouRnFmvV Udr9KYD7fXoF1cC5He8nmh0R5ID2zlL7ZLgszni0CIxX7M2pQnv7uNKamSYyJO8XV49kM34hu68=

http://audacity.joydownload.co/get_file/wUiS4WnYccXBwj sXP7oQkEsm10kPTijChOxatrZp7VpsTGr4Hp5iNEMJ1XvbKn3fHm6ykYNeiPVWby1E w9wr1gzcOVAwmV/iS7BkX9qjvm3 fa7dPbm3FJoZEiiBZIVny1Tnpnn4Aj/yHoW3GSA7ZdyM3zY25EKOVjZl1Nb738FXB3ctyfY09z3/igWzQuO4/.../9qTXux8VDIlu0rXczpL4XtfXof1cW3D799w0gH5sv3jFDyfPsww331WosU88WlQ2fsrcTYzz4rJLxAT5ZkYCsxu6GtHxBzjxSi3J5OECbzRVSnsZG9zQ4nNT8=

Remove audacity-2.0.5.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.