home

du77c.exe

Installation helper

OpenCandy Inc

The application du77c.exe by OpenCandy Inc has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.
Publisher:
OpenCandy  (signed by OpenCandy Inc)

Product:
Installation helper

Version:
4.0.0.77

MD5:
3f550ffce33856bde29b69313e2cb900

SHA-1:
d0cac41faf6125df4fd6f2a1ef819f40a397d51f

SHA-256:
06f797d5962ba97cfe8d6831011f64d7ac05341a9f0a106eca2098f2f39ba4f3

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
5/24/2024 12:52:58 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.OpenCandy (M)
16.11.30.3

File size:
5.5 MB (5,754,880 bytes)

Product version:
4.0.0.77

Copyright:
Copyright (c) 2008 - 2014

Original file name:
IHelper.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\opencandy\699d8eee62ea4fd7a73c1f53a7f8be6a\du77c.exe

Digital Signature
Signed by:
OpenCandy Inc

Authority:
VeriSign, Inc.

Valid from:
6/28/2014 12:00:00 AM

Valid to:
6/28/2015 11:59:59 PM

Subject:
CN=OpenCandy Inc, O=OpenCandy Inc, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5247E3098A65541C2BA1CE82C2E87832

File PE Metadata
Compilation timestamp:
1/28/2015 5:47:38 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:dmNoKpwcxfm4rrwTID2icrqRA4hbN/kgww8wOFQT2IRjmv:d6r2cxfm1s2rrybNXwkO+2z

Entry address:
0x66A90

Entry point:
60, BE, 00, 30, 44, 00, 8D, BE, 00, E0, FB, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
144 KB (147,456 bytes)

Remove du77c.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.