home

candle.exe

Windows Installer XML

PerformanceIT

Publisher:
Microsoft Corporation  (signed by PerformanceIT)

Product:
Windows Installer XML

Description:
WiX Toolset Compiler

Version:
3.6.2109.0

MD5:
f14d1ca09e6f9cd77caa86bcd7cc644c

SHA-1:
aa1cbdbead354301e950854bb92dacfa1e97701d

SHA-256:
794f30c1946d231266a3e278849b5fa03c85b814b79e96804021dab8cfe7b526

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/9/2024 10:56:07 AM UTC  (today)

File size:
33.8 KB (34,624 bytes)

Product version:
3.6.2109.0

Copyright:
Copyright (c) Microsoft Corporation.  All rights reserved.

Original file name:
candle.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\apps\2.0\863rgoj8.jcx\gypjh1th.w45\rapi...exe_f2bc56ff93dd3dff_0004.0000_none_98d99290511e2fca\candle.exe

Digital Signature
Signed by:
PerformanceIT

Authority:
VeriSign, Inc.

Valid from:
4/27/2011 8:00:00 PM

Valid to:
5/25/2013 7:59:59 PM

Subject:
CN=PerformanceIT, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=PerformanceIT, L=Atlanta, S=Georgia, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6BEAB05305E712EAB917ABAEC418C64E

File PE Metadata
Compilation timestamp:
9/9/2011 3:17:25 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:Jb6qfy4QT6UE0b5weWHaMtzHvNgDECmU1sq4W4qpYJLeFV+n1eMtr:Jb6qfoT0L6k4f0qELWyr

Entry address:
0x557E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
4.6307

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
16 KB (16,384 bytes)

Scan candle.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.