syncios.exe

Syncios

JunTu Software Inc.

The application syncios.exe, “Syncios Setup ” by JunTu Software has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from downloads.pcworld.com and multiple other hosts.
Publisher:
Anvsoft, Inc.   (signed by JunTu Software Inc.)

Product:
Syncios

Description:
Syncios Setup

MD5:
ac4e1288d2245b94cf6fde78d29b0e51

SHA-1:
e8d5d8d0c114fca92bdfce42278f64f218ef9670

SHA-256:
3f72866ca81015cd8be9c54f903d8ca3baf8c79659eac56bf9d799663e8e4510

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
9/21/2018 9:03:29 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
8.9341

Fortinet FortiGate
Adware/OpenCandy
5/6/2014

Reason Heuristics
PUP.OpenCandy.Installer (L)
16.11.29.22

File size:
15.1 MB (15,860,560 bytes)

Product version:
2.0.6

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\syncios.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/21/2012 11:00:00 AM

Valid to:
3/22/2014 10:59:59 AM

Subject:
CN=JunTu Software Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=JunTu Software Inc., L=Shenzhen, S=Guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
26267E29934668A10F0731D9C546D7CE

File PE Metadata
Compilation timestamp:
10/9/2012 7:48:22 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
393216:JGGu8x6L1rN43EJRYCWyscJqCWU8/+TefJmHMK3+a2iTp:JIu01rN43FCWtocmTeQsTa5p

Entry address:
0xF3BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 64, ED, 40, 00, E8, E8, 71, FF, FF, 33, C0, 55, 68, 89, FA, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 45, FA, 40, 00, 64, FF, 32, 64, 89, 22, A1, 48, 3B, 41, 00, E8, BE, F7, FF, FF, E8, 65, F3, FF, FF, 8D, 55, EC, 33, C0, E8, F7, C3, FF, FF, 8B, 55, EC, B8, 4C, 66, 41, 00, E8, 6A, 58, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 4C, 66, 41, 00, B2, 01...
 
[+]

Entropy:
7.9981

Developed / compiled with:
Microsoft Visual C++

Code size:
59 KB (60,416 bytes)

The file syncios.exe has been seen being distributed by the following 2 URLs.

Remove syncios.exe - Powered by Reason Core Security