dlm317a.exe

Installation helper

OpenCandy

The application dlm317a.exe by OpenCandy has been detected as a potentially unwanted program by 8 anti-malware scanners. It is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It uses the OpenCandy monetization platform, which will download and install offers for potentially unwanted software during setup, including ad-supported and search-supported toolbars.
Publisher:
OpenCandy  (signed and verified)

Product:
Installation helper

Version:
3.2.5.317

MD5:
14b969ef4be527093f07403c2c872a34

SHA-1:
f4870219649298764e2703dfe673b246ba45a26d

SHA-256:
48477fd32b75be8f451ff6ebc415d01c2393753bfa07679e50e89136f4fa2456

Scanner detections:
8 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
5/19/2024 4:05:53 AM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | Adware.Win32.OpenCandy | 4.0.3.141016
Dr.Web | Adware.OpenCandy.15 | 9.0.1.0289
ESET NOD32 | Win32/OpenCandy (variant) | 8.10575
Fortinet FortiGate | Riskware/OpenCandy | 10/16/2014
G Data | Win32.Application.OpenCandy | 14.10.24
NANO AntiVirus | Riskware.Win32.OpenCandy.depxcb | 0.28.2.62671
Reason Heuristics | PUP.OpenCandy.H | 14.12.16.10
VIPRE Antivirus | Trojan.Win32.Generic | 33982

File size:
300.5 KB (307,672 bytes)

Product version:
3.2.5.317

Copyright:
Copyright (c) 2008 - 2014

Original file name:
IHelper.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\rheng\c9d662fac0744ca19faff95eb4fb90d1\dlm317a.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/26/2014 1:00:00 AM

Valid to:
8/27/2015 12:59:59 AM

Subject:
CN=OpenCandy, O=OpenCandy, STREET="510 Market St #301", L=San Diego, S=CA, PostalCode=92101, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
008C39E02810FFAD0BE835267C2DF1EB91

File PE Metadata
Compilation timestamp:
10/15/2014 5:53:31 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:0srFqB1+auPEYh+fnh4UObcZWh/bqHwW87S6RyoHxNhLJmDnQ4oSMhL:0AFqOCUmn2bcZSnW87ScRNhLuDoSI

Entry address:
0xBADE0

Entry point:
60, BE, 00, E0, 47, 00, 8D, BE, 00, 30, F8, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, E4, 8E, 0B, 00, 57, 83, C3, 04, 53, 68, D5, CD, 03, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...

Entropy:
7.8436  (probably packed)

Code size:
248 KB (253,952 bytes)

Remove dlm317a.exe - Powered by Reason Core Security