va31.exe

Speed-Bit LTD

The application va31.exe, “SpeedBit Video Accelerator” by Speed-Bit, has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application built with the Wise Installer. The installer uses the OpenCandy monetization platform, which will download and install offers during setup for potentially unwanted software, including ad/search-supported toolbars.
Publisher:
SpeedBit Ltd.  (signed by Speed-Bit LTD)

Description:
SpeedBit Video Accelerator

Version:
3136(build_1093)

MD5:
86e2af778b382b760a8f6d0bc3ab79db

SHA-1:
0874068e14b9291f917e0c26ee6a4917055272a4

SHA-256:
cb3e5784268eb2b9dcf6077c7d62f5c926319336abe388ee43bbd0f85725adf4

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/26/2024 6:38:39 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Baidu Antivirus | AdWare.Win32.OpenCandy | 4.0.3.14919 |
| ESET NOD32 | | 8.9888 |
| Reason Heuristics | PUP.OpenCandy.Installer (L) | 16.12.1.6 |
| Trend Micro House Call | TROJ_GEN.USVTJ27 | 7.2.262 |

File size:
5.5 MB (5,791,056 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Wise Installer

Language:
English (United States)

Common path:
C:\users\{user}\downloads dt\va31.exe

Digital Signature
Signed by:

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
7/7/2008 7:00:00 PM

Valid to:
9/4/2010 6:59:59 PM

Subject:
CN=Speed-Bit LTD, OU=SECURE APPLICATION DEVELOPMENT, O=Speed-Bit LTD, L=Haifa, S=North, C=IL

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
76392AEFA4819C3FB530287BB1313517

File PE Metadata
Compilation timestamp:
4/8/1999 3:24:47 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:rC4kAGV1TxA9KKH9UICr7qoPeAzwa2Y1cGclhSR4xERzkhlq3hOmMXHVZkCgo:rcAWTwK/yyDwkYwGgQhA5Okw

Entry address:
0x1000

Entry point:
55, 8B, EC, 81, EC, 78, 05, 00, 00, 53, 56, BE, 04, 01, 00, 00, 57, 8D, 85, 94, FD, FF, FF, 56, 33, DB, 50, 53, FF, 15, 34, 20, 40, 00, 8D, 85, 94, FD, FF, FF, 56, 50, 8D, 85, 94, FD, FF, FF, 50, FF, 15, 30, 20, 40, 00, 8B, 3D, 2C, 20, 40, 00, 53, 53, 6A, 03, 53, 6A, 01, 8D, 85, 94, FD, FF, FF, 68, 00, 00, 00, 80, 50, FF, D7, 83, F8, FF, 89, 45, FC, 0F, 84, 7B, 01, 00, 00, 8D, 85, 90, FC, FF, FF, 50, 56, FF, 15, 28, 20, 40, 00, 8D, 85, 98, FE, FF, FF, 50, 53, 8D, 85, 90, FC, FF, FF, 68, 10, 30, 40, 00, 50...
 

Entropy:
7.9995

Packer / compiler:
Wise Installer Stub

Code size:
512 bytes
