» dtupgraderfull-r19767.exe
Overview
Analysis
File Details

dtupgraderfull-r19767.exe

doubleTwist Corporation

The application dtupgraderfull-r19767.exe by doubleTwist has been detected as a potentially unwanted program by 11 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. It is also typically executed from the user's temporary directory.

File name:

Publisher:

doubleTwist Corporation (signed and verified)

MD5:

af3b4874fb724b9f347272c05b3e6ff9

SHA-1:

003b77301a220f66a1c3e41e550df443ef96375f

SHA-256:

9b568412abd173d280009aa6168aaa7bedf724a2d9784fecc96d556734cc74f9

Scanner detections:

11 / 68

Status:

Potentially unwanted

Explanation:

Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:

4/19/2024 1:03:47 AM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Adware.OpenCandy.128

9.0.1.0310

ESET NOD32

Win32/OpenCandy potentially unsafe application

7.0.302.0

Fortinet FortiGate

Adware/OpenCandy

11/6/2015

G Data

Win32.Adware.OpenCandy

15.11.25

K7 AntiVirus

Trojan

13.204.16151

Malwarebytes

PUP.Optional.OpenCandy

v2015.11.06.09

McAfee

Artemis!AF3B4874FB72

5600.6590

Panda Antivirus

Trj/OCJ.E

15.11.06.09

Reason Heuristics

PUP.doubleTwistCorporation.V

14.7.10.2

Rising Antivirus

PE:PUF.OpenCandy!1.9DE5

23.00.65.151104

Vba32 AntiVirus

AdWare.OpenCandy

3.12.26.4

File size:

21.1 MB (22,091,216 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\appdata\local\temp\dtupgraderfull-r19767.exe

Digital Signature

Signed by:

doubleTwist Corporation

Authority:

Thawte, Inc.

Valid from:

4/30/2014 2:00:00 AM

Valid to:

4/30/2015 1:59:59 AM

Subject:

CN=doubleTwist Corporation, O=doubleTwist Corporation, L=San Francisco, S=California, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

5083313E60A850E615C59B6E93B64109

File PE Metadata

Compilation timestamp:

2/24/2012 8:19:59 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

393216:8EOOakgPPsbOlGNjV6zcudCArWjRYfcNGtx0JXxcF995VA9p+IMoN5rEyP4:eObzqoV6zANjRYfMGtx0Jqp2f+6rEa

Entry address:

0x39E3

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

28 KB (28,672 bytes)

Remove dtupgraderfull-r19767.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.