home

mediainfo_gui_0.7.32_windows_i386.exe

MediaInfo

MediaArea.net

The application mediainfo_gui_0.7.32_windows_i386.exe, “All about your audio and video files” has been detected as a potentially unwanted program by 11 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.
Publisher:
MediaArea.net

Product:
MediaInfo

Description:
All about your audio and video files

Version:
0.7.32

MD5:
ac51d7d60b9e1031f8224c60a84e15ec

SHA-1:
1e31493ca4abd72d05914151afd020f7a55ffd3f

SHA-256:
7a0d5a8a8a7bd15dd3ba25473ec628a3fc5848466226c434e879c66e6d1f14df

Scanner detections:
11 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/20/2024 8:38:21 AM UTC  (today)

Scan engine
Detection
Engine version

Arcabit
PUP.Adware.OpenCandy
1.0.0.576

Baidu Antivirus
Hacktool.Win32.OpenCandy
4.0.3.16221

ESET NOD32
Win32/OpenCandy potentially unsafe
10.12363

Fortinet FortiGate
W32/OpenCandy
2/21/2016

G Data
Win32.Adware.OpenCandy
16.2.25

Malwarebytes
PUP.Optional.OpenCandy
v2016.02.21.02

Reason Heuristics
PUP.OpenCandy.Installer (L)
16.2.21.14

Sophos
OpenCandy (PUA)
4.98

Total Defense
Win32/OpenCandy.A
37.1.62.1

VIPRE Antivirus
Opencandy
44328

ViRobot
Backdoor.Win32.A.Hupigon.2321472[h]
2014.3.20.0

File size:
2.2 MB (2,321,472 bytes)

Trademarks:
GPL license

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\mediainfo_gui_0.7.32_windows_i386.exe

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:tFnrdbzaPcpjvavVTxM8np2iGqlnQcNZ3Z2od69mHc:tFnrdbza0oS8nwPwzD8

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file mediainfo_gui_0.7.32_windows_i386.exe has been seen being distributed by the following URL.

http://www.tutoriels-animes.com/logitheque/.../MediaInfo_GUI_0.7.32_Windows_i386.exe

Remove mediainfo_gui_0.7.32_windows_i386.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.