» connectify2.1.0.16410.exe
Overview
Analysis
File Details

connectify2.1.0.16410.exe

Connectify

The application connectify2.1.0.16410.exe by Connectify has been detected as a potentially unwanted program by 6 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.

File name:

Publisher:

Connectify (signed and verified)

MD5:

729a7bf23d64052ca1bde881bc9813af

SHA-1:

c48d1519c05088b9dc4b0af6da71aefaabddcd91

SHA-256:

5341b3921b75549adbe59365517c30bd045e63162728d9ba48f79832fea1bea0

Scanner detections:

6 / 68

Status:

Potentially unwanted

Explanation:

Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:

4/26/2024 4:02:03 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

Adware/OpenCandy.A.525

7.11.62.128

ESET NOD32

Win32/OpenCandy

8.8044

Fortinet FortiGate

W32/OpenCandy

12/3/2014

McAfee

Adware-OpenCandy.dll

5600.6928

Reason Heuristics

PUP.OpenCandy.Installer (L)

16.12.2.5

Trend Micro House Call

TROJ_GEN.USVTJ27

7.2.337

File size:

2.2 MB (2,312,480 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\downloads\instalki dobreprogramy_pl\connectify2.1.0.16410.exe

Digital Signature

Signed by:

Connectify

Authority:

GlobalSign nv-sa

Valid from:

5/20/2010 4:48:35 PM

Valid to:

5/21/2011 4:48:28 PM

Subject:

CN=Connectify, O=Connectify, L=Philadelphia, S=PA, C=US

Issuer:

CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:

01000000000128B665BA0F

File PE Metadata

Compilation timestamp:

12/5/2009 11:53:18 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

49152:JladY2vgqH0OKj06nL6IDZdkYk8vauvM8s2N8rQYKwddARZkrdi/:Wr0txL6INnkeaMOVSceHkk/

Entry address:

0x36A0

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 88, A7, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 53, FF, 15, 88, 82, 40, 00, 6A, 08, A3, B8, 63, 42, 00, E8, EE, 2E, 00, 00, A3, 04, 63, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, B0, 0C, 42, 00, FF, 15, 58, 81, 40, 00, 68, 10, A8, 40, 00, 68, 00, 5B, 42, 00, E8, F4, 29, 00, 00, FF, 15, B0, 80, 40, 00, BF, 00, C0, 42, 00, 50, 57, E8, E2, 29, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

24.5 KB (25,088 bytes)

Remove connectify2.1.0.16410.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.