axcrypt-1.7.2976.0-setup.exe

AxCrypt

Axantum Software AB

The application axcrypt-1.7.2976.0-setup.exe, “AxCrypt Installer with OpenCandy Offer” by Axantum Software AB, has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monetization platform, which downloads and installs third-party offers during setup, including potentially unwanted software such as ad- and search-supported toolbars. The file has been seen being downloaded from www.conecptbitsfarm.com and multiple other hosts.
Publisher:
Axantum Software AB  (signed and verified)

Product:
AxCrypt

Description:
AxCrypt Installer with OpenCandy Offer

Version:
1.7.2976.0

MD5:
959469ec27d28cd847fb82412f494bb0

SHA-1:
bbe418a74fe1ce2f7aed2eaa1a9c2d60d2fa18fc

SHA-256:
e75dab1bf8b37adf09390f9eaae74677a21cf79262dd79c14774923ad8c8ffa3

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/19/2024 10:59:48 AM UTC

Scan engine         Detection                   Engine version
ESET NOD32                                      7.9313
Malwarebytes        PUP.Optional.OpenCandy      v2013.12.24.09
Rising Antivirus    PE:PUF.OpenCandy!1.9DE5     23.00.65.131222

File size:
3.2 MB (3,406,576 bytes)

Copyright:
© 2001-2011 Axantum Software AB

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\axcrypt-1.7.2976.0-setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/20/2012 4:00:00 PM

Valid to:
2/20/2014 3:59:59 PM

Subject:
CN=Axantum Software AB, O=Axantum Software AB, STREET=Dalgangen 1, L=Jarfalla, S=Stockholm, PostalCode=SE-177 60, C=SE

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
15BA9ADE9B964B75C6EF6392BF68BFFB

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:sYZbO1duxm3rsObA6x6Sv2b6t3AzMOWVeEo:7Zi1dQm7dA6L2bsaMxeEo

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9953

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file axcrypt-1.7.2976.0-setup.exe has been seen being distributed by the following 15 URLs.

http://www.conecptbitsfarm.com/nMJi8WfeXfsucry40oSsCIGvnDdZiikj4Z34vAzqc4PFXVzmzwo1zV86ptb Xkpesyq7YoY2oKFQKXNdkblkPwjMokdjxMG0Ebk1AQ5awLx3qNLFc0l4SAIHmvYLQ_fq_EtTm 7nohEMeghyV6MYDkQkQdjDLL1e0nj19q6WtY3pJXwppqzYM_hV4w7_378K86V93 HY0KQ5r5rXBs30ByJTEQ88FLTxH RpqRJoz9UehJT_NQhkaHReJs5 q5AoVi3IXnjEPZH7hjLqNu_3u3WLrVoDwBsv_uiTm4MQ23g1FjFCvCPRWgEGRKS3uxfJWolkeN_5iWELv5xWzpMDjughD8g8rocMch6fS78CDbx5gY2JqedxAhaMaNIQO2E5f6tUQzmZFd72dUfD5G962bNorlPAnWNmvDbCJVlfG5brtYrhFxT0_hvDbW3bQrrE0o8gCbnPUReajzo8WD5OiMC9GxQY1uyeQe0EfTdPuEThByAHwValKy4BXE45M4MUiRp1QCkB-G3kAAMTctG1z1NkhiNMkIfjBV64JtE45cGgFbQF1gzt9ftCNhYd2EBzCsRnkNr74E_yP gbfc_2Pj9msWZ0cl33LYPSKkEx3ea9BKk2wE84KapvQKXntPL0uaIgH-e

http://neighborsinfo.tistory.com/.../cfile6.uf@22291D34569F14F329AD43.exe

Remove axcrypt-1.7.2976.0-setup.exe - Powered by Reason Core Security