» syncios.exe
Overview
Analysis
File Details
Downloads (2)

syncios.exe

Syncios

JunTu Software Inc.

The application syncios.exe, “Syncios Setup ” by JunTu Software has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from www.syncios.com and multiple other hosts.

File name:

syncios.exe

Publisher:

Anvsoft, Inc. (signed by JunTu Software Inc.)

Product:

Syncios

Description:

Syncios Setup

MD5:

268a77925eaa7c33291d478bb4216f30

SHA-1:

c28bc90b45e788746b57da531f4646caf975996e

SHA-256:

2ea198daca8bb9103744cf48f0db4a60f8cd5e041826fc61a26a4aaa870789a1

Scanner detections:

3 / 68

Status:

Potentially unwanted

Explanation:

Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:

4/25/2024 7:59:27 AM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

Win32/OpenCandy

7.8917

Fortinet FortiGate

Adware/OpenCandy

11/25/2013

Reason Heuristics

PUP.OpenCandy.Installer (L)

16.11.28.20

File size:

14.6 MB (15,337,728 bytes)

Product version:

2.0.9

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\syncios.exe

Digital Signature

Signed by:

JunTu Software Inc.

Authority:

VeriSign, Inc.

Valid from:

3/20/2012 8:00:00 PM

Valid to:

3/21/2014 7:59:59 PM

Subject:

CN=JunTu Software Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=JunTu Software Inc., L=Shenzhen, S=Guangdong, C=CN

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

26267E29934668A10F0731D9C546D7CE

File PE Metadata

Compilation timestamp:

10/9/2012 4:48:22 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

393216:OqpHFqwKVztxXcVdR/zu6tiaQZ/QzLX5fwSp3:OqrqwKBtRWR/zu0ij/QzVfwo3

Entry address:

0xF3BC

Entry point:

55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 64, ED, 40, 00, E8, E8, 71, FF, FF, 33, C0, 55, 68, 89, FA, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 45, FA, 40, 00, 64, FF, 32, 64, 89, 22, A1, 48, 3B, 41, 00, E8, BE, F7, FF, FF, E8, 65, F3, FF, FF, 8D, 55, EC, 33, C0, E8, F7, C3, FF, FF, 8B, 55, EC, B8, 4C, 66, 41, 00, E8, 6A, 58, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 4C, 66, 41, 00, B2, 01... 
[+]

Entropy:

7.9980 (probably packed)

Code size:

59 KB (60,416 bytes)

The file syncios.exe has been seen being distributed by the following 2 URLs.

http://www.syncios.com/syncios.exe

http://syncios.com/syncios.exe

Remove syncios.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.