» virtualdvd_v4.7.0.0.exe
Overview
Analysis
File Details

virtualdvd_v4.7.0.0.exe

VirtualDVD

Mediawave Corporation

The application virtualdvd_v4.7.0.0.exe, “VirtualDVD Setup ” by Mediawave has been detected as a potentially unwanted program by 6 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.

File name:

Publisher:

ohsoft (signed by Mediawave Corporation)

Product:

VirtualDVD

Description:

VirtualDVD Setup

Version:

4.7.0.0

MD5:

0ddeaaa34195e41b4b7d8e180864f7f5

SHA-1:

f4c79309746919d8ec794aeae4d56fa26be45abf

SHA-256:

5564a3914c1300ed24bbf9836057055768f2971c75e1d0b480d897435d5b4902

Scanner detections:

6 / 68

Status:

Potentially unwanted

Explanation:

Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:

4/19/2024 12:28:18 PM UTC (today)

Scan engine

Detection

Engine version

AVG

OpenCandy

2016.0.3114

Dr.Web

Threat.Undefined

9.0.1.05190

ESET NOD32

Win32/OpenCandy.C potentially unsafe (variant)

9.11554

F-Prot

W32/OpenCandy.A2.gen

v6.4.7.1.166

NANO AntiVirus

Riskware.Win32.OpenCandy.dqxwfk

0.30.24.1357

Sophos

PUA 'OpenCandy'

5.14

File size:

4.6 MB (4,819,776 bytes)

Product version:

4.7.0.0

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\virtualdvd_v4.7.0.0.exe

Digital Signature

Signed by:

Mediawave Corporation

Authority:

Thawte, Inc.

Valid from:

7/29/2013 9:00:00 AM

Valid to:

8/29/2014 8:59:59 AM

Subject:

CN=Mediawave Corporation, O=Mediawave Corporation, L=Seongnam-si, S=Gyeonggi-do, C=KR

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

57F6127244941D42A89BBD9403FA5ED8

File PE Metadata

Compilation timestamp:

8/22/2013 1:18:14 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

98304:NoiDfj6tX6oOLJCFltOetDOK5fwdXnhqoHXBYU9DB0IwAVaWoa78b8AYz1u:No4foSJCRvDfyc+BYU9DB09caC971u

Entry address:

0x173D4

Entry point:

55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 40, 51, 41, 00, E8, A4, 13, FF, FF, 33, C0, 55, 68, B6, 7A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 72, 7A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 38, BC, 41, 00, E8, 12, C9, FF, FF, E8, 61, C4, FF, FF, 80, 3D, 70, 8D, 41, 00, 00, 74, 0C, E8, 27, CA, FF, FF, 33, C0, E8, 70, E1, FE, FF, 8D, 55, EC, 33, C0, E8, 1A, 79, FF, FF, 8B, 55, EC, B8, 30, E7... 
[+]

Entropy:

7.9904

Developed / compiled with:

Microsoft Visual C++

Code size:

90.5 KB (92,672 bytes)

Remove virtualdvd_v4.7.0.0.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.