» daemontoolsnet510-0189_2.exe
Overview
Analysis
File Details
Downloads (223)

daemontoolsnet510-0189_2.exe

DAEMON Tools Net

Disc Soft Ltd

The application daemontoolsnet510-0189_2.exe, “DAEMON Tools Net Setup” by Disc Soft has been detected as a potentially unwanted program by 18 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from mirror22.mountspace.com and multiple other hosts.

File name:

Publisher:

Disc Soft Ltd (signed and verified)

Product:

DAEMON Tools Net

Description:

DAEMON Tools Net Setup

Version:

5.1.0.0189.0

MD5:

ad7228065087c17a753f37f5288c3a19

SHA-1:

36a1dd6c715b19eb5bea9e4c528f571c31afb5c4

SHA-256:

c624623906cf7c5f19c4e911b1365b7b944a1624437c0f998239fb357bfba52b

Scanner detections:

18 / 68

Status:

Potentially unwanted

Explanation:

Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:

4/25/2024 12:42:12 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Riskware.OpenCandy

7.1.1

AVG

OpenCandy

2016.0.3129

Comodo Security

Virus.Win32.Virut.CE

21827

Dr.Web

Adware.OpenCandy.7

9.0.1.0115

ESET NOD32

Win32/OpenCandy potentially unsafe

9.11499

Fortinet FortiGate

Riskware/OpenCandy

4/25/2015

F-Prot

W32/OpenCandy.B

v6.4.7.1.166

G Data

Win32.Adware.OpenCandy

15.4.25

K7 AntiVirus

Unwanted-Program

13.202.15641

Malwarebytes

PUP.Optional.OpenCandy

v2015.04.25.12

McAfee

Artemis!AD7228065087

5600.6785

NANO AntiVirus

Trojan.Win32.OpenCandy.cvzfoq

0.30.16.1110

Panda Antivirus

Generic Suspicious

15.04.25.12

Reason Heuristics

PUP.OpenCandy.Installer (L)

16.12.3.22

Rising Antivirus

PE:PUF.OpenCandy!1.9DE5

23.00.65.15423

Trend Micro House Call

TROJ_GEN.R047H07C315

7.2.115

VIPRE Antivirus

Opencandy

39500

Zillya! Antivirus

Adware.OpenCandy.Win32.3

2.0.0.2144

File size:

20 MB (20,998,264 bytes)

Product version:

5.1.0.0189.0

Original file name:

DAEMON Tools Net5.1.0.0189.exe

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\programs\daemontoolsnet510-0189_2.exe

Digital Signature

Signed by:

Disc Soft Ltd

Authority:

GlobalSign nv-sa

Valid from:

2/27/2015 5:52:47 PM

Valid to:

5/30/2015 8:52:02 PM

Subject:

E=finpr@disc-soft.com, CN=Disc Soft Ltd, O=Disc Soft Ltd, L=Belize city, S=Belize, C=BZ

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11216071A86ED7CDF67E099EE47C211A4B57

File PE Metadata

Compilation timestamp:

4/10/2010 3:19:31 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

393216:l0wVHekdqa0sQr6ZEAnA8ysgYc/MDAXikUwBQwvmSZ3VjjJZ48dJHkt4ZpbnI:l3IwECEaNfBwywuSZFjJFw4Q

Entry address:

0x354B

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 84, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 98, 06, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 86, 40, 00, FF, 15, 80, 81, 40, 00, 68, 04, 86, 40, 00, 68, A0, 85, 46, 00, E8, 35, 26, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 23, 26, 00, 00... 
[+]

Entropy:

7.9999

Packer / compiler:

Nullsoft install system v2.x

Code size:

25 KB (25,600 bytes)

The file daemontoolsnet510-0189_2.exe has been seen being distributed by the following 50 URLs.

http://mirror22.mountspace.com/getfile.php?p=http://na-us7.disc-tools.com/.../DAEMONToolsNet510-0189.exe