» winrarupdate.5.21.0.exe
Overview
Analysis
File Details

winrarupdate.5.21.0.exe

The application winrarupdate.5.21.0.exe has been detected as a potentially unwanted program by 15 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.

File name:

MD5:

b47dca2aae5fd15e44245aa93d267e89

SHA-1:

6846489ae2f45e7b4829d526656b6f81c386abd4

SHA-256:

1893b7c223b6678784c84a912eca1e85e80254d313a8ca2db7cb32644a2e1f94

Scanner detections:

15 / 68

Status:

Potentially unwanted

Explanation:

Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:

5/3/2024 4:38:18 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Riskware.Agent

7.1.1

avast!

Adware-gen [Adw]

150414-0

AVG

OpenCandy

2016.0.3132

Baidu Antivirus

Adware.Win32.OpenCandy

4.0.3.15421

Dr.Web

Threat.Undefined

9.0.1.0111

ESET NOD32

Win32/OpenCandy.C potentially unsafe application

9.7.0.302.0

Fortinet FortiGate

Riskware/OpenCandy

4/21/2015

G Data

Win32.Adware.OpenCandy

15.4.25

herdProtect (fuzzy)

variant of quicktimeupdate.7.76.80.95.exe

2015.7.23.2

K7 AntiVirus

Trojan

13.203.15666

Malwarebytes

PUP.Optional.OpenCandy

v2015.04.21.11

McAfee

Trojan.Artemis!4E2A9DF76D9D

5600.6788

Sophos

OpenCandy

4.98

Trend Micro House Call

Suspici.4749E76F

7.2.111

VIPRE Antivirus

Threat.4791855

39354

File size:

387.4 KB (396,684 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\Program Files\mydailyupdate\packages\136bc1a8-75a4-4cfb-bf86-37500a35907c\setup\winrarupdate.5.21.0.exe

File PE Metadata

Compilation timestamp:

12/6/2009 12:50:41 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:r40uozS/Q9QWhKR6WtUqlW4JvTFXRFcAzs5:r4qzS/Q9QWhKcWt7FXDL+

Entry address:

0x30CB

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.9333

Packer / compiler:

Nullsoft install system v2.x

Code size:

22.5 KB (23,040 bytes)

Remove winrarupdate.5.21.0.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.