home

opencandy_{a555f3b8-cba2-4df4-817a-90fc103bc0d2}.dll

OCSetupHlp Dynamic Link Library

OpenCandy Inc.

The module opencandy_{a555f3b8-cba2-4df4-817a-90fc103bc0d2}.dll by OpenCandy has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the OpenCandy Installer installer. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.
Publisher:
OpenCandy, Inc.  (signed by OpenCandy Inc.)

Product:
OCSetupHlp Dynamic Link Library

Version:
1.20.0.0

MD5:
1af573acb3d257ff32212c50f91bba66

SHA-1:
125b25d0b41795482ffa6c2d705e7f9f5f49656f

SHA-256:
9c98bc92b1957ece422e9aaf5525e302bcb8d8a68147ce7710b5eedec66a9a16

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/23/2024 5:01:06 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.OpenCandy (M)
17.1.22.3

File size:
468.3 KB (479,552 bytes)

Product version:
1.20.0.0

Copyright:
Copyright (C) 2010

Original file name:
OCSetupHlp.dll

File type:
Dynamic link library (Win32 DLL)

Bundler/Installer:
OpenCandy Installer

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\opencandy\opencandy_{a555f3b8-cba2-4df4-817a-90fc103bc0d2}.dll

Digital Signature
Signed by:
OpenCandy Inc.

Authority:
VeriSign, Inc.

Valid from:
3/15/2010 1:00:00 AM

Valid to:
3/16/2011 12:59:59 AM

Subject:
CN=OpenCandy Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=OpenCandy Inc., L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7381060ED460B99E62A92347BBB84D48

File PE Metadata
Compilation timestamp:
6/2/2010 11:31:56 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x37863

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 4B, 97, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 8B, 55, 08, 53, 8B, 5D, 14, 56, 57, 85, DB, 75, 10, 85, D2, 75, 10, 39, 55, 0C, 75, 12, 33, C0, 5F, 5E, 5B, 5D, C3, 85, D2, 74, 07, 8B, 7D, 0C, 85, FF, 75, 13, E8, 0B, 4D, 00, 00, 6A, 16, 5E, 89, 30, E8, E0, 63, 00, 00, 8B, C6, EB, DD, 85, DB, 75, 07, 33, C0, 66, 89, 02, EB, D0, 8B, 4D, 10, 85, C9, 75, 07, 33, C0, 66, 89, 02, EB, D4, 8B, C2, 83, FB...
 
[+]

Code size:
333.5 KB (341,504 bytes)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.