home

cnet_techtracker_1_3_52_setup.exe

CNET TechTracker

CBS Interactive

The application cnet_techtracker_1_3_52_setup.exe, “CNET TechTracker Installer” by CBS Interactive has been detected as a potentially unwanted program by 11 anti-malware scanners. The program is a setup application that uses the DownloadCom Spot Install installer. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.
Publisher:
CBS Interactive  (signed and verified)

Product:
CNET TechTracker

Description:
CNET TechTracker Installer

Version:
1.3.0.52

MD5:
9eae97bc46f3ba4dc9f6f0aa17e2053b

SHA-1:
d55fe353a9f04b5bfa6e1c84a29bb242f5dea86e

SHA-256:
8ee6f935c212c0c4052182a69bcb7f0bb4cd15595411759db9e7bee36a6f99da

Scanner detections:
11 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
4/19/2024 11:45:12 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Baidu Antivirus
Hacktool.Win32.OpenCandy
4.0.3.1588

ESET NOD32
Win32/OpenCandy potentially unsafe
9.11581

Fortinet FortiGate
W32/Adware_fam.NB
8/8/2015

G Data
Win32.Adware.OpenCandy
15.8.25

Malwarebytes
PUP.Optional.OpenCandy
v2015.08.08.07

McAfee
Artemis!9EAE97BC46F3
5600.6680

Reason Heuristics
PUP.CBS.Bundler (M)
15.8.8.3

Sophos
OpenCandy
4.98

Total Defense
Win32/Tnega.LARCWID
37.1.62.1

Trend Micro House Call
TROJ_GEN.R047H05BH15
7.2.220

VIPRE Antivirus
Opencandy
39968

File size:
3.2 MB (3,404,816 bytes)

Product version:
1.3 Build (52)

Copyright:
Copyright (C) 2009

File type:
Executable application (Win32 EXE)

Bundler/Installer:
DownloadCom Spot Install (using Nullsoft Install System)

Language:
Language Neutral

Digital Signature
Signed by:
CBS Interactive

Authority:
VeriSign, Inc.

Valid from:
7/23/2009 7:00:00 PM

Valid to:
7/24/2011 6:59:59 PM

Subject:
CN=CBS Interactive, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=CBS Interactive, L=San Francisco, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5BD0BBF0908ABA158E3FF8AACEA4CD92

File PE Metadata
Compilation timestamp:
6/6/2009 4:41:54 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:6D3emaA4ClFgd8GTUhovuKHowW6ytMBhpKk2UGKS/43Hpp:i3erqlad82UR6IMBhpJ2UGW3pp

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.9985

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

Remove cnet_techtracker_1_3_52_setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.