home

dm.exe

OpenCandy

The application dm.exe by OpenCandy has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.
Publisher:
OpenCandy  (signed and verified)

MD5:
21f39c0abcfc52a299e4e08b203fbe65

SHA-1:
ffec8b9dd2cd650230e59e0f629b980adad3129d

SHA-256:
9257a172049cddfa4e2f07de273f22b509c5536ec4738d7a8904bf344be43f4d

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
5/6/2024 12:37:01 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.OpenCandy (M)
17.1.2.4

File size:
300.5 KB (307,672 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\opencandy\7047eadb9a694011b582ee6eaa2a843b\dm.exe

Digital Signature
Signed by:
OpenCandy

Authority:
COMODO CA Limited

Valid from:
8/26/2014 7:00:00 AM

Valid to:
8/27/2015 6:59:59 AM

Subject:
CN=OpenCandy, O=OpenCandy, STREET="510 Market St #301", L=San Diego, S=CA, PostalCode=92101, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1A4DE208E2EAA73D520698E2D08C7D3D

File PE Metadata
Compilation timestamp:
10/15/2014 11:50:55 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0xBAC60

Entry point:
2D, 28, 08, 31, 30, 2C, 13, 4C, 4A, 45, 3E, 6C, 69, 63, 75, 8A, 87, 80, AB, B7, B2, AA, DB, D1, CE, C8, EF, 63, 63, 60, 5D, 3F, 3F, 3C, 04, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 10, 0E, 0A, 01, 3E, 37, 26, 07, 76, 68, 43, 81, CC, 9D, 24, F9, CC, 9A, 18, FD, CB, 99, 18, FE, C8, 97, 17, FF, C5, 96, 18, FE, C0, 93, 17, FC, B5, 8D, 29, EB, 4B, 40, 26, 4B, 37, 32, 27, 0D, 37, 36, 31, 1E, 59, 56, 50, 52, 72, 6F, 68, 88, 98...
 
[+]

Entropy:
7.8698  (probably packed)

Code size:
248 KB (253,952 bytes)

Remove dm.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.