» quicktimeupdate.7.76.80.95.exe
Overview
Analysis
File Details

quicktimeupdate.7.76.80.95.exe

The application quicktimeupdate.7.76.80.95.exe has been detected as a potentially unwanted program by 14 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.

File name:

MD5:

86b2d2bb9b6b4160cbe146a6de1bdca3

SHA-1:

c0af86a8938a5efecd6683c1d01d768773fb3485

SHA-256:

0b1ca4fe84d0acabf0d19bf6bb586ec23bcab3a70a5fb3e2f139e691ef8d3038

Scanner detections:

14 / 68

Status:

Potentially unwanted

Explanation:

Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:

4/20/2024 2:50:06 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Riskware.Agent

7.1.1

avast!

Adware-gen [Adw]

2014.9-150722

AVG

OpenCandy

2016.0.3133

Dr.Web

Threat.Undefined

9.0.1.0111

ESET NOD32

Win32/OpenCandy.C potentially unsafe application

9.7.0.302.0

Fortinet FortiGate

Riskware/OpenCandy

4/21/2015

G Data

Win32.Adware.OpenCandy

15.4.25

herdProtect (fuzzy)

variant of winrarupdate.5.21.0.exe

2015.7.22.13

K7 AntiVirus

Trojan

13.203.15666

Malwarebytes

PUP.Optional.OpenCandy

v2015.04.21.07

McAfee

Trojan.Artemis!4E2A9DF76D9D

5600.6789

Sophos

OpenCandy

4.98

Trend Micro House Call

Suspici.4749E76F

7.2.111

VIPRE Antivirus

Threat.4791855

39354

File size:

391 KB (400,418 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\Program Files\mydailyupdate\packages\a7ee6234-4d45-404c-ab9c-8203cec883b2\setup\quicktimeupdate.7.76.80.95.exe

File PE Metadata

Compilation timestamp:

12/6/2009 8:50:41 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:r4XeuozS/Q9QWhKR6WtUqlW4JvTFXRFcAzsC:r4czS/Q9QWhKcWt7FXDLJ

Entry address:

0x30CB

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.9342

Packer / compiler:

Nullsoft install system v2.x

Code size:

22.5 KB (23,040 bytes)

Remove quicktimeupdate.7.76.80.95.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.