home

cyberpoweraudioeditinglab.exe

CyberPower Audio Editing Lab

Tsingsoft Imagination Information Technology Co., Ltd

The software installer may bundle adware as well as other potentially unwanted software using a download manager/installer from ClientConnect or OpenCandy. The application cyberpoweraudioeditinglab.exe, “CyberPower Audio Editing Lab Setup ” by Tsingsoft Imagination Information Technology Co. has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.
Publisher:
CyberPower Tech, Inc.   (signed by Tsingsoft Imagination Information Technology Co., Ltd)

Product:
CyberPower Audio Editing Lab

Description:
CyberPower Audio Editing Lab Setup

MD5:
27d04f268804b9075c960b5a4cd6ab2c

SHA-1:
0f07e86b5ca6f78f9ccd4e03c7d17c988c6df5ac

SHA-256:
4bd6421b88560b1fd8bd8bc42f1e7b0f80cedbefee52b129878ffcf5dbcb4427

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/26/2024 8:34:24 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/OpenCandy
8.9548

NANO AntiVirus
Trojan.Win32.OpenCandy.cumjqq
0.28.0.58394

Reason Heuristics
PUP.Bundler (L)
16.11.29.16

File size:
9.6 MB (10,052,824 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\cyberpoweraudioeditinglab.exe

Digital Signature
Signed by:
Tsingsoft Imagination Information Technology Co., Ltd

Authority:
GlobalSign nv-sa

Valid from:
9/21/2011 6:12:19 AM

Valid to:
9/21/2014 6:12:19 AM

Subject:
CN="Tsingsoft Imagination Information Technology Co., Ltd", O="Tsingsoft Imagination Information Technology Co., Ltd", L=北京, S=北京, C=CN

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11211887AD441BA7E15E9131AAA0DEF9248A

File PE Metadata
Compilation timestamp:
1/30/2013 3:21:56 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:4PggaWgXgO+4pgqlDsFBgh0Xd/5yCPIBIc2j7c:O0lF+okou95yC7g

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)

The file cyberpoweraudioeditinglab.exe has been seen being distributed by the following URL.

http://www.freemp3wmaconverter.com/CyberPowerAudioEditingLab.exe

Remove cyberpoweraudioeditinglab.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.