downloadsetup.exe

CDBurnerXP

Canneverbe Limited

The application downloadsetup.exe by Canneverbe Limited has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monetization platform, which will download and install offers during setup for potentially unwanted software, including ad/search-supported toolbars. The file has been seen being downloaded from fs40.filehippo.com and multiple other hosts.
Publisher:
Canneverbe Limited   (signed by Canneverbe Limited)

Product:
CDBurnerXP

Version:
4.5.2.4214

MD5:
8496602e505914092cf8ed21b0fa1e36

SHA-1:
f44da8214492114643d7712e7c1bdfa910af38a7

SHA-256:
5c0e10500b37be3cd6e300ddb52a981d5e946d5eed545ffd0c5686883cf43b7a

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/23/2024 9:30:31 PM UTC

Scan engine
Detection
Engine version

Agnitum Outpost
Adware.OpenCandy
7.1.1

ESET NOD32
7.9190

Malwarebytes
PUP.Optional.OpenCandy
v2013.11.25.04

File size:
5 MB (5,199,536 bytes)

Product version:
4.5.2.4214

Copyright:
2001-2012 Canneverbe Limited

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\downloadsetup.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
3/4/2013 7:00:00 PM

Valid to:
6/8/2016 8:00:00 AM

Subject:
CN=Canneverbe Limited, O=Canneverbe Limited, L=Goch, C=DE

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0E73EAE02E53D77688E0C0F18F0F1AAF

File PE Metadata
Compilation timestamp:
2/18/2010 8:52:05 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:NXGl9Qur0Gk4C3dOLBgWULhc3bROsKSATkUwtk/Eyr0:NXGHQur0GkNt2BgW+hc3pKvwcr0

Entry address:
0x163C4

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, F0, 54, 41, 00, E8, 70, 04, FF, FF, 33, C0, 55, 68, 91, 6A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 4D, 6A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, AB, 41, 00, E8, 42, EF, FF, FF, E8, 4D, EA, FF, FF, 8D, 55, EC, 33, C0, E8, FB, 87, FF, FF, 8B, 55, EC, B8, AC, D6, 41, 00, E8, A6, EA, FE, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, AC, D6, 41, 00, B2, 01...
 

Entropy:
7.8862  (probably packed)

Code size:
85 KB (87,040 bytes)

The file downloadsetup.exe has been seen being distributed by the following 30 URLs.

http://fs40.filehippo.com/1210/.../cdbxp_setup_4.5.2.4214.exe

http://www.freenew.net/.../downApp.htm?platform=windows&id=582433&toUrl=1d0618345558412f0d00451300092101121962070b1f5a1343730a585b75465f095a4408215a12597c5c0a5c4041087357125c79580f5c41445c2058590b340c
