OpenCandy

Category: Adware and PUA
Protection available since: 20 Feb 2012 18:27:40 (GMT)
Type: Unspecified PUA
Last updated: 06 Dec 2014 23:06:30 (GMT)


OpenCandy is an installer that bundles legitimate applications with offers for additional third-party applications that the user may not want. These third-party applications are typically installed on the user's computer by default, although the installer may provide an option to opt out during or after the installation process.

Examples of OpenCandy include:

Example 1

File Information

Size: 1.1M
SHA-1: 006f24ee42009c4ff6e293b8f823488f958ac5ed
MD5: 6535f6cdd3a7a782202b8f0dc37dacec
CRC-32: 88a816b0
File type: Windows executable
First seen: 2013-11-08

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\mconduitinstaller.exe
    Size: 80K
    SHA-1: 3afb53ddfc81a47e4335b232481f8d3a7469b1e5
    MD5: 446623160a87bcb075c3b9a3c8827ca9
    CRC-32: 4cbc34ea
    File type: Windows executable
    First seen: 2013-03-08
HTTP Requests
  • http://d1.arcadefrontier.com/aj/bundle/832/
DNS Requests
  • d1.arcadefrontier.com

Example 2

File Information

Size: 4.6M
SHA-1: 0078f57b9b78d11ce0bc235f344c0ecc85d0b313
MD5: 6bb172ef7dd31ec30d7bdc9aed22d40d
CRC-32: eea9e5eb
File type: Windows executable
First seen: 2010-11-29

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\is-HBHNN.tmp\sample.tmp
  • c:\Documents and Settings\test user\Local Settings\Temp\is-7HJKE.tmp\_isetup\_shfoldr.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\is-7HJKE.tmp\OCSetupHlp.dll
    Size: 439K
    SHA-1: def9a2045d8fc2e7d47e5f128adbc30422b4f3ca
    MD5: 602bb41454775c49b50e739746d2ded1
    CRC-32: 9a665ed8
    File type: Windows executable
    First seen: 2010-09-08
Processes Created
  • c:\docume~1\support\locals~1\temp\is-hbhnn.tmp\sample.tmp
HTTP Requests
  • http://api.opencandy.com/
  • http://cdn3.opencandy.com/templates/8743/0/64215.png
DNS Requests
  • api.opencandy.com
  • cdn3.opencandy.com

Example 3

File Information

Size: 1.1M
SHA-1: 02d5a6a53d9a9e2f2b2ef78fa65ed70bae325f27
MD5: 546521847adde0712720bed4208ebb84
CRC-32: 92bd610e
File type: Windows executable
First seen: 2013-10-28

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\ct3295941\chromeid.txt
  • c:\Documents and Settings\test user\Local Settings\Temp\ct3295941\ctbe.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\ct3295941\ieLogic.exe
    Size: 3.1M
    SHA-1: 5da3e416db5a1f7fd4e398aa6fb8958a4c7e6b33
    MD5: fd2f85b2fe2cc2fd3274af0b7fbf3190
    CRC-32: 8d5d73cf
    File type: Windows executable
    First seen: 2013-10-28
  • c:\Documents and Settings\test user\Local Settings\Temp\mconduitinstaller.exe
    Size: 80K
    SHA-1: 3afb53ddfc81a47e4335b232481f8d3a7469b1e5
    MD5: 446623160a87bcb075c3b9a3c8827ca9
    CRC-32: 4cbc34ea
    File type: Windows executable
    First seen: 2013-03-08
  • c:\Documents and Settings\test user\Local Settings\Temp\nsd4.tmp\ns5.tmp
  • c:\Documents and Settings\test user\Local Settings\Temp\nsd8.tmp
  • c:\Documents and Settings\test user\Local Settings\Temp\ct3295941\stub.exe
    Size: 88K
    SHA-1: 2a6234ac2ff85e104f854c0bcdee42e70ca0a6ee
    MD5: 3d5a9c21a5f482b02f8357e684d8111e
    CRC-32: f1dfcaeb
    File type: Windows executable
    First seen: 2013-06-01
  • c:\Documents and Settings\test user\Local Settings\Temp\nsd4.tmp\InetC.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsd4.tmp\nsExec.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsn7.tmp\nsExec.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsn7.tmp\InetC.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsn7.tmp\t.txt
  • C:\END
  • c:\Documents and Settings\test user\Local Settings\Temp\nsn7.tmp\System.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\ct3295941\setup.ini.txt
Processes Created
  • c:\docume~1\support\locals~1\temp\ct3295941\ctbe.exe
  • c:\docume~1\support\locals~1\temp\ct3295941\stub.exe
  • c:\docume~1\support\locals~1\temp\mconduitinstaller.exe
  • c:\docume~1\support\locals~1\temp\nsd4.tmp\ns5.tmp
  • c:\docume~1\support\locals~1\temp\nsn7.tmp\ns9.tmp
  • c:\docume~1\support\locals~1\temp\nsn7.tmp\nsc.tmp
  • c:\docume~1\support\locals~1\temp\nsn7.tmp\nsf.tmp
HTTP Requests
  • http://chromewebtb.conduit-download.com/41/329/ct3295941/Downloads/ChromeWebToolbar/ct3295941.txt
  • http://ct3295941.ourtoolbar.com/ie
  • http://ct3295941.ourtoolbar.com/ie/
  • http://d1.arcadefrontier.com/aj/bundle/832/
  • http://fagamesframework.com/af/getExternalGamesInfo/ticket=XBANa7sdrowdang8BABL
  • http://ie.conduit-download.com/41/329/CT3295941/Downloads/IE/Releases/6.17.1.25/13-10-20-11.34.42.595/SearchFlyBar5.exe
  • http://ie.conduit-download.com/41/329/ct3295941/Downloads/IE/Releases/setup.ini.txt
  • http://setupapi.toolbar.conduit-services.com/Properties/INI/ct3295941
  • http://storage.conduit.com/ps/conduitinstaller/stublogic.exe
  • http://storage.conduit.com/ps/utilities/checktbexist.exe
DNS Requests
  • chromewebtb.conduit-download.com
  • ct3295941.ourtoolbar.com
  • d1.arcadefrontier.com
  • fagamesframework.com
  • ie.conduit-download.com
  • servicemap.conduit-services.com
  • setupapi.toolbar.conduit-services.com
  • storage.conduit.com
  • usage.integration.toolbar.conduit-services.com
  • usage.toolbar.conduit-services.com
