disk-defrag-setup.exe

Auslogics DiskDefrag

Auslogics Software Pty Ltd

The application disk-defrag-setup.exe, “Auslogics DiskDefrag Installation File” by Auslogics Software Pty has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.
Publisher:
Auslogics Labs Pty Ltd   (signed by Auslogics Software Pty Ltd)

Product:
Auslogics DiskDefrag

Description:
Auslogics DiskDefrag Installation File

Version:
4.2.1.0

MD5:
8a537cdac0c1ed070645d5d924848e17

SHA-1:
f23f9fcbb5f4428a6f401617c673bbb76bbbd031

SHA-256:
2ac3ff40f2a9f5134a497e464bd6fa764a73874723a63ae5fa075a83e445d8c6

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/18/2024 10:35:12 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| ESET NOD32 | Win32/OpenCandy (variant) | 10.9429 |
| Reason Heuristics | PUP.OpenCandy.Installer (L) | 16.12.10.3 |
| Trend Micro House Call | TROJ_GEN.F47V0214 | 7.2.35 |

File size:
5.2 MB (5,498,824 bytes)

Product version:
4.2.1.0

Copyright:
Copyright © 2008-2013 Auslogics Labs Pty Ltd

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/8/2013 9:00:00 PM

Valid to:
6/7/2016 8:59:59 PM

Subject:
CN=Auslogics Software Pty Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Auslogics Software Pty Ltd, L=Crows Nest, S=New South Wales, C=AU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7D9EE0F891E37563F2A431C5A11D91C8

File PE Metadata
Compilation timestamp:
1/30/2013 12:21:56 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:JUhSbDSBR6f61he2nl3zZy1c4U3ahMa+/EwSt/AdAdECrbxz/DHOhXp4lVNOhsF1:JUASBR861h1l12c4U3a2TVSlAdAdf/xx

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)
