xplorer2_liteoc_setup.exe

Nikolaos Bozinis

The application xplorer2_liteoc_setup.exe, “xplorer2 lite installer” by Nikolaos Bozinis, has been detected as a potentially unwanted program by 4 anti-malware scanners. It is a setup and installation application and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monetization platform, which downloads and installs offers during setup for potentially unwanted software, including ad/search-supported toolbars. The file has been seen being downloaded from zabara.s3.amazonaws.com.
Publisher:
ZabKat  (signed by Nikolaos Bozinis)

Description:
xplorer2 lite installer

Version:
2.2.0.2

MD5:
f3d3b701c6bf6aa18eb26bc9fe5180de

SHA-1:
1d941050f74d01a5ba3b358dd399e0146df48c06

SHA-256:
3b5e6b0af673768fd70ff41a06564773aeb14557d825238da06e7a803057e0ff

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/23/2024 11:17:06 AM UTC

Scan engine         Detection                   Engine version
Agnitum Outpost     Adware.OpenCandy            7.1.1
ESET NOD32                                      7.9301
Malwarebytes        PUP.Optional.OpenCandy      v2013.12.24.01
Rising Antivirus    PE:PUF.OpenCandy!1.9DE5     23.00.65.14118

File size:
1.8 MB (1,865,424 bytes)

Copyright:
(C) 2002-2012 ZabKat

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\xplorer2_liteoc_setup.exe

Digital Signature
Authority:
The USERTRUST Network

Valid from:
5/3/2010 7:00:00 PM

Valid to:
5/4/2015 6:59:59 PM

Subject:
CN=Nikolaos Bozinis, O=Nikolaos Bozinis, STREET=7 Riddons Road, L=London, S=n/a, PostalCode=SE12 9RB, C=GB

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
4A020CA4D03178B6A471F1087AA7E55A

File PE Metadata
Compilation timestamp:
6/6/2009 4:41:54 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:3p2VMEUdnzI+0vW30fa1i++7ytS0vaI/6qWAWWR1+ril8OA:YVM+hvcSa1i+H0+4AtkrnV

Entry address:
0x43480

Entry point:
60, BE, 00, F0, 43, 00, 8D, BE, 00, 20, FC, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB...

Entropy:
7.9956

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.24

Code size:
20 KB (20,480 bytes)

The file xplorer2_liteoc_setup.exe has been seen being distributed by the following URL.

Remove xplorer2_liteoc_setup.exe - Powered by Reason Core Security