OpenCandy

Category: Adware and PUA
Protection available since: 20 Feb 2012 18:27:40 (GMT)
Type: Unspecified PUA
Last updated: 10 Nov 2016 09:05:16 (GMT)


OpenCandy is an advertising software module consisting of a Microsoft Windows library that can be incorporated into a Windows installer. When a user installs an application that includes the OpenCandy library, the module presents offers for additional third-party applications that the user may not want. Such third-party applications are typically installed onto the user's computer by default, but may include an option to opt out during or after the installation process.

In its most basic form, the OpenCandy framework is used for affiliate tracking and may not present any offers for additional third-party applications. In some cases, the module is included by the installer manufacturer or a third party rather than by the developer of the software being installed.

Examples of OpenCandy include:

Example 1

File Information

Size: 1.3M
SHA-1: 002090a3b4f49dbdb9eaacec7c21acc022d024a2
MD5: 9af69426b871b27bd4eda957322ce11b
CRC-32: d9291165
File type: Windows executable
First seen: 2007-10-31

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\{A2718E3B-EA2D-4520-8609-77AE8A8DE75B}\OCSetupHlp.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\sp-downloader.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\SPIdentifier.exe
    Size: 64K
    SHA-1: fda86cc2ffcbecaa996fb86a83772f5a4c79685e
    MD5: 73554f3944811c0c4b393826943be2ca
    CRC-32: 58c62473
    File type: Windows executable
    First seen: 2013-07-30
Processes Created
  • c:\docume~1\support\locals~1\temp\spidentifier.exe
  • c:\windows\system32\rundll32.exe
HTTP Requests
  • http://aff-software.s3-website-us-east-1.amazonaws.com/f7fcdd99a2e75d6ad7c29954e075a8b6/Cloud_Backup_Setup.exe
  • http://api.opencandy.com/
  • http://e1.arcadefrontier.com/aj/bundle/833/
  • http://sp-storage.conduit-services.com/spidentifier/SPIdentifierImpl.exe
DNS Requests
  • aff-software.s3-website-us-east-1.amazonaws.com
  • api.opencandy.com
  • e1.arcadefrontier.com
  • sp-storage.conduit-services.com

Example 2

File Information

Size: 1.1M
SHA-1: 0041bce73a567ea556ab7a46b426ef96e94f7c8a
MD5: ea41e02db6d33ba104cd62531a86360c
CRC-32: 68cfa325
File type: Windows executable
First seen: 2015-09-12

Runtime Analysis

Processes Created
  • c:\windows\system32\rundll32.exe
HTTP Requests
  • http://api.opencandy.com/
  • http://d1.arcadefrontier.com/aj/bundle/891/
DNS Requests
  • api.opencandy.com
  • d1.arcadefrontier.com

Example 3

File Information

Size: 1.3M
SHA-1: 005cafa13be8b620e3ab8691302ab958eb788edb
MD5: 3ec61a3ff55f73b1becc31d9a71428ca
CRC-32: a9600056
File type: Windows executable
First seen: 2012-03-19

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\sp-downloader.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\{A2718E3B-EA2D-4520-8609-77AE8A8DE75B}\OCSetupHlp.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\SPIdentifier.exe
    Size: 64K
    SHA-1: fda86cc2ffcbecaa996fb86a83772f5a4c79685e
    MD5: 73554f3944811c0c4b393826943be2ca
    CRC-32: 58c62473
    File type: Windows executable
    First seen: 2013-07-30
Processes Created
  • c:\docume~1\support\locals~1\temp\spidentifier.exe
  • c:\windows\system32\rundll32.exe
HTTP Requests
  • http://aff-software.s3-website-us-east-1.amazonaws.com/f7fcdd99a2e75d6ad7c29954e075a8b6/Cloud_Backup_Setup.exe
  • http://api.opencandy.com/
  • http://e1.arcadefrontier.com/aj/bundle/912/
  • http://fagamesframework.com/af/getExternalGamesInfo/ticket=ZsAOs598203kgIvMZNEE
  • http://sp-storage.conduit-services.com/spidentifier/SPIdentifierImpl.exe
DNS Requests
  • aff-software.s3-website-us-east-1.amazonaws.com
  • api.opencandy.com
  • e1.arcadefrontier.com
  • fagamesframework.com
  • sp-storage.conduit-services.com
