SHA256: c85948b8b6b825d2d456a764550d85f6d09c694b3dbc002e06f96037a6c7df02
File name: CDex-1.81-win32.exe
Detection ratio: 35 / 69
Analysis date: 2018-12-14 01:51:21 UTC ( 2 days, 6 hours ago )
Antivirus Result Update
Antiy-AVL GrayWare[AdWare]/Win32.OpenCandy 20181214
Avast Win32:OpenCandy-D [PUP] 20181214
AVG Win32:OpenCandy-D [PUP] 20181214
Avira (no cloud) PUA/OpenCandy.Gen 20181214
Bkav HW32.Packed. 20181213
ClamAV Win.Malware.Opencandy-40 20181213
Cyren W32/Adware.HICR-5613 20181213
DrWeb Adware.OpenCandy.210 20181213
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/OpenCandy.A potentially unsafe 20181213
F-Prot W32/OpenCandy.G 20181213
Fortinet Riskware/OpenCandy 20181213
GData Win32.Application.OpenCandy.O 20181213
Sophos ML heuristic 20181128
K7AntiVirus Unwanted-Program ( 004bc62d1 ) 20181213
K7GW Unwanted-Program ( 004bc62d1 ) 20181213
Kaspersky not-a-virus:Downloader.Win32.OpenCandy.ko 20181213
Malwarebytes PUP.Optional.OpenCandy 20181213
MAX malware (ai score=98) 20181214
McAfee Artemis!4362A637B6C7 20181213
McAfee-GW-Edition Artemis 20181213
Microsoft PUA:Win32/CandyOpen 20181213
NANO-Antivirus Trojan.Win32.Mlw.efvjig 20181213
Panda PUP/OpenCandy 20181213
SentinelOne (Static ML) static engine - malicious 20181011
Symantec PUA.OpenCandy 20181213
Trapmine malicious.moderate.ml.score 20181205
TrendMicro PUA_OpenCandy 20181213
TrendMicro-HouseCall PUA_OpenCandy 20181213
VBA32 AdWare.OpenCandy 20181213
VIPRE Trojan.Win32.Generic!BT 20181213
Webroot Pua.Gen 20181214
Yandex Riskware.Agent! 20181213
Zillya Adware.OpenCandy.Win32.2761 20181213
ZoneAlarm by Check Point not-a-virus:Downloader.Win32.OpenCandy.ko 20181214
Ad-Aware 20181214
AegisLab 20181213
AhnLab-V3 20181213
Alibaba 20180921
ALYac 20181214
Arcabit 20181214
Avast-Mobile 20181213
Babable 20180918
Baidu 20181207
BitDefender 20181214
CAT-QuickHeal 20181213
CMC 20181213
Comodo 20181213
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181214
Emsisoft 20181213
F-Secure 20181213
Ikarus 20181213
Jiangmin 20181213
Kingsoft 20181214
eScan 20181213
Palo Alto Networks (Known Signatures) 20181214
Qihoo-360 20181214
Rising 20181213
Sophos AV 20181213
SUPERAntiSpyware 20181212
Symantec Mobile Insight 20181212
TACHYON 20181213
Tencent 20181214
TheHacker 20181213
TotalDefense 20181213
Trustlook 20181214
ViRobot 20181213
Zoner 20181214
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Georgy Berdyshev
Product CDex
Original name CDex-1.81-win32.exe
File version 1.81.0.2016
Description CDex - Digital Audio CD Extractor and Converter
Comments http://cdex.mu/
Packers identified
F-PROT UPX, appended, NSIS, UTF-8, Unicode, CAB
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-03 20:18:56
Entry Point 0x000033B6
Number of sections 5
PE sections
Overlays
MD5 bf4ede5adab6e9222a71707d0bccd517
File type data
Offset 470016
Size 19048757
Entropy 8.00
PE imports
RegCreateKeyExW
RegEnumValueW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
CreateFontIndirectW
SelectObject
CreateBrushIndirect
SetBkMode
SetBkColor
DeleteObject
SetTextColor
SetFilePointer
GetLastError
CopyFileW
GetShortPathNameW
lstrlenA
GetModuleFileNameW
GlobalFree
WaitForSingleObject
GetExitCodeProcess
ExitProcess
GlobalUnlock
GetFileAttributesW
lstrcmpiW
GetCurrentProcess
CompareFileTime
GetWindowsDirectoryW
GetFileSize
SetFileTime
GetCommandLineW
WideCharToMultiByte
SetErrorMode
MultiByteToWideChar
lstrlenW
CreateDirectoryW
DeleteFileW
GlobalLock
ReadFile
lstrcpyA
GetPrivateProfileStringW
WritePrivateProfileStringW
GetTempFileNameW
lstrcpynW
RemoveDirectoryW
ExpandEnvironmentStringsW
lstrcpyW
GetFullPathNameW
lstrcmpiA
CreateThread
SetEnvironmentVariableW
MoveFileExW
GetModuleHandleA
GetSystemDirectoryW
GetDiskFreeSpaceW
FindNextFileW
GetTempPathW
CloseHandle
FindFirstFileW
lstrcmpW
GetModuleHandleW
lstrcatW
FreeLibrary
SearchPathW
SetCurrentDirectoryW
WriteFile
CreateFileW
GlobalAlloc
CreateProcessW
FindClose
Sleep
MoveFileW
SetFileAttributesW
GetTickCount
GetVersion
GetProcAddress
LoadLibraryExW
MulDiv
SHBrowseForFolderW
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
EmptyClipboard
GetMessagePos
EndPaint
EndDialog
LoadBitmapW
SetClassLongW
DefWindowProcW
CharPrevW
PostQuitMessage
ShowWindow
SetWindowPos
SendMessageTimeoutW
GetSystemMetrics
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
EnableWindow
SetWindowTextW
DialogBoxParamW
AppendMenuW
IsWindowEnabled
GetDlgItemTextW
MessageBoxIndirectW
GetSysColor
CheckDlgButton
DispatchMessageW
CreateWindowExW
CreateDialogParamW
ReleaseDC
BeginPaint
CreatePopupMenu
SendMessageW
SetClipboardData
GetWindowLongW
FindWindowExW
IsWindowVisible
DestroyWindow
GetClientRect
SetTimer
GetDlgItem
SetForegroundWindow
SystemParametersInfoW
LoadImageW
EnableMenuItem
ScreenToClient
InvalidateRect
wsprintfA
CharNextW
CallWindowProcW
TrackPopupMenu
RegisterClassW
FillRect
CharNextA
SetDlgItemTextW
LoadCursorW
GetSystemMenu
GetClassInfoW
GetDC
wsprintfW
CloseClipboard
DrawTextW
SetCursor
ExitWindowsEx
OpenClipboard
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_DIALOG 63
RT_ICON 12
RT_MANIFEST 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 79
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments http://cdex.mu/
LinkerVersion 6.0
ImageVersion 6.0
FileSubtype 0
FileVersionNumber 1.81.0.2016
LanguageCode English (U.S.)
FileFlagsMask 0x0000
FileDescription CDex - Digital Audio CD Extractor and Converter
LegalCopyright Georgy Berdyshev
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
InitializedDataSize 141824
EntryPoint 0x33b6
OriginalFileName CDex-1.81-win32.exe
MIMEType application/octet-stream
Publisher Georgy Berdyshev
FileVersion 1.81.0.2016
TimeStamp 2016:04:03 21:18:56+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.81.0.2016
UninitializedDataSize 2048
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Georgy Berdyshev
CodeSize 25088
ProductName CDex
ProductVersionNumber 1.81.0.2016
FileTypeExtension exe
ObjectFileType Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
File identification
MD5 4362a637b6c7c5474731d801e872eb63
SHA1 d1a26f4bc31c1dea7298ee3f62ee190b281bc0ed
SHA256 c85948b8b6b825d2d456a764550d85f6d09c694b3dbc002e06f96037a6c7df02
ssdeep 393216:074WEw+/wnpWZwLFPl1f1fjSV4A6bSb9ePLHXo:07wwlnpWZeFPP1rPKej4

authentihash 23b31e266dee5278ce1d3da86b7371949539fb874b99a41fa6161d476baf98a2
imphash 4ea4df5d94204fc550be1874e1b77ea7
File size 18.6 MB ( 19518773 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
nsis peexe overlay upx via-tor

VirusTotal metadata
First submission 2016-04-22 23:29:13 UTC ( 2 years, 7 months ago )
Last submission 2018-05-27 02:25:17 UTC ( 6 months, 3 weeks ago )
File names cdex-1.81-win32(3).exe
CDex-1.81-win32.exe
CDex-1.81-win32.exe
CDex-1.81-win32.exe
cdex-1-81.exe
CDex-1.81-win32.exe
CDex-1.81-win32.exe
cdex_1.81.exe
CDex-1.81-win32 (d1a26f4bc31c1dea7298ee3f62ee190b281bc0ed) [19 518 773].exe
V1-81.exe.MALWARE.vir
CDex-1.81-win32.exe
CDex.exe
CDex 1.81.exe
cdex-1.81-win32.exe.d9zfol9.partial
e5c83fb2de6db43c94d1f0e2b6954d95c89125c39dfb4c5f59c2505d00061ddddeec25337dcecacc8b50fb03e3a9221c98a312e62cd719662e1aa931f539ba52
CDex-1.81-win32.exe
CDex-1.81-win32.exe.part
cdex-1.81-win32.exe
CDex-1.81-win32.exe
CDex-1.81-win32(1).exe
setup - cdex 1.81 (32-bit) (2016-04-23).exe
CDex 1.81 Final (Конвертация Audio CD в mp3.exe
CDex-win32.exe
CDex-1.81-win32.exe
cdex-1.81-win32 (1).exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Searched windows
Runtime DLLs
UDP communications