OCReminder.exe

Reminder

OpenCandy Inc.

The application OCReminder.exe, “OCReminder periodically reminds you to try new software that you have downloaded or installed. After some time, or if you choose not to be reminded again, it will automatically remove itself from your” by OpenCandy, has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.
Publisher:
OpenCandy  (signed by OpenCandy Inc.)

Product:
Reminder

Description:
OCReminder periodically reminds you to try new software that you have downloaded or installed. After some time, or if you choose not to be reminded again, it will automatically remove itself from your

Version:
3.1.7.124

MD5:
f52589e24b3a8586b53e20c01b048e5d

SHA-1:
5dd6a5697519f5b519c29c2654d548179a7008d9

SHA-256:
646f88418899866b89308e1c07c37414c435f5f784ff1a3c6b8a9394b1261fd4

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/25/2024 4:19:38 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.OpenCandy (M)

Engine version:
16.10.18.6

File size:
392.3 KB (401,728 bytes)

Product version:
3.1.7.124

Copyright:
(c) 2010 OpenCandy All rights reserved.

Original file name:
OCReminder.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\opencandy\opencandy_b1fd256a43884c00be7f0b03658d098e\ocreminder.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/14/2010 8:00:00 PM

Valid to:
3/15/2011 7:59:59 PM

Subject:
CN=OpenCandy Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=OpenCandy Inc., L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7381060ED460B99E62A92347BBB84D48

File PE Metadata
Compilation timestamp:
10/6/2010 3:46:32 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:z46c39xnXOgz97d4uQSQR22+L+WZhwGaD2g4KhBSALAT2OqZ9gOkK7UqZU5:kxVz97dOs1XRaD2g4QBSA87qHW5

Entry address:
0x30135

Entry point:
E8, B7, BB, 00, 00, E9, 79, FE, FF, FF, 6A, 10, 68, F0, 4E, 45, 00, E8, 31, F2, FF, FF, 8B, 5D, 08, 85, DB, 75, 0E, FF, 75, 0C, E8, 60, C9, FF, FF, 59, E9, CC, 01, 00, 00, 8B, 75, 0C, 85, F6, 75, 0C, 53, E8, B5, C1, FF, FF, 59, E9, B7, 01, 00, 00, 83, 3D, 30, A6, 45, 00, 03, 0F, 85, 93, 01, 00, 00, 33, FF, 89, 7D, E4, 83, FE, E0, 0F, 87, 8A, 01, 00, 00, 6A, 04, E8, 18, 3B, 00, 00, 59, 89, 7D, FC, 53, E8, 41, 3B, 00, 00, 59, 89, 45, E0, 3B, C7, 0F, 84, 9E, 00, 00, 00, 3B, 35, 20, A6, 45, 00, 77, 49, 56, 53...
 

Entropy:
6.6269

Code size:
287.5 KB (294,400 bytes)
