dexpot 1.6.12 build 2416free-20 различных виртуальных рабочих столов.exe

Dexpot 1.6 Setup

Dexpot GbR

The application dexpot 1.6.12 build 2416free-20 различных виртуальных рабочих столов.exe, “Installer for Dexpot 1.6” by Dexpot GbR, has been detected as a potentially unwanted program by 6 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software, including ad/search-supported toolbars. The file has been seen being downloaded from www.dexpot.de and multiple other hosts.
Publisher:
Dexpot GbR  (signed and verified)

Product:
Dexpot 1.6 Setup

Description:
Installer for Dexpot 1.6

Version:
1.6.12

MD5:
75af76407aec22ff7683946207833ca1

SHA-1:
a1e920d23f27f7b57362d2a077012953691712e8

SHA-256:
754099697a338ed577d31a08256c3fd9f34bf3f8c2f97fc30d6ff03d35ff0a87

Scanner detections:
6 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/20/2024 1:13:33 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Dr.Web | Adware.OpenCandy.4 | 9.0.1.0102 |
| ESET NOD32 | | 8.9668 |
| Fortinet FortiGate | Riskware/OpenCandy | 4/12/2014 |
| Malwarebytes | PUP.Optional.OpenCandy | v2014.04.12.02 |
| Rising Antivirus | PE:PUF.OpenCandy!1.9DE5 | 23.00.65.14410 |
| Trend Micro House Call | TROJ_GEN.F47V0401 | 7.2.102 |

File size:
3.6 MB (3,752,888 bytes)

Copyright:
© 2001-2014 Dexpot GbR

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/5/2013 4:00:00 AM

Valid to:
7/5/2016 3:59:59 AM

Subject:
CN=Dexpot GbR, O=Dexpot GbR, STREET=Bergerfurth 38, L=Wesel, S=NRW, PostalCode=46487, C=DE

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009101BB3EB4B14E4D5C02CB74F564B839

File PE Metadata
Compilation timestamp:
12/6/2009 2:50:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:u2kTV7xCbFYr4Rl9Z7fnTgKiAc9PXbEf4aUBpE1UZMhIkDla:dGdYer4l9Z7fT1iAabEf4aAxMnRa

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file dexpot 1.6.12 build 2416free-20 различных виртуальных рабочих столов.exe has been seen being distributed by the following 4 URLs.