SHA256: 6b85f7a8a87270292f546cd1de615e594a37e518c4d0d35d136a52a0cc934c80
File name: uttA6BA.tmp
Detection ratio: 4 / 51
Analysis date: 2014-03-30 14:40:18 UTC ( 5 years, 1 month ago )
Antivirus Result Update
ESET-NOD32 a variant of Win32/OpenCandy.A 20140330
Malwarebytes PUP.Optional.OpenCandy 20140330
NANO-Antivirus Trojan.Win32.Runouce.cunfgo 20140330
VIPRE Opencandy (fs) 20140330
Ad-Aware 20140330
AegisLab 20140330
Yandex 20140329
AhnLab-V3 20140330
AntiVir 20140330
Antiy-AVL 20140330
Avast 20140330
AVG 20140330
Baidu-International 20140330
BitDefender 20140330
Bkav 20140329
ByteHero 20140330
CAT-QuickHeal 20140330
ClamAV 20140330
CMC 20140328
Commtouch 20140330
Comodo 20140330
DrWeb 20140330
Emsisoft 20140330
F-Prot 20140330
F-Secure 20140330
Fortinet 20140330
GData 20140330
Ikarus 20140330
Jiangmin 20140330
K7AntiVirus 20140328
K7GW 20140328
Kaspersky 20140330
Kingsoft 20140330
McAfee 20140330
McAfee-GW-Edition 20140329
Microsoft 20140330
eScan 20140330
Norman 20140330
nProtect 20140330
Panda 20140330
Qihoo-360 20140330
Rising 20140330
Sophos AV 20140330
SUPERAntiSpyware 20140329
Symantec 20140330
TheHacker 20140329
TotalDefense 20140329
TrendMicro 20140330
TrendMicro-HouseCall 20140330
VBA32 20140328
ViRobot 20140330
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (c) 2008 - 2011 OpenCandy, Inc.

Product OCSetupHlp
Original name OCSetupHlp.dll
Internal name OCSetupHlp
File version 1.6.1.138
Description Client library (p29)
Comments This file is part of the OpenCandy SDK. The OpenCandy SDK is used by software publishers to recommend software or services in their products. For more information visit http://opencandy.com
Packers identified
F-PROT UPX_LZMA
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-02-03 01:21:13
Entry Point 0x000C6590
Number of sections 3
PE sections
Overlays
MD5 6064d7d647976b4e7e9c3c28b7faf41e
File type data
Offset 293888
Size 6144
Entropy 7.23
PE imports
RegCloseKey
InitCommonControlsEx
BitBlt
VirtualProtect
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
AlphaBlend
SysAllocString
EnumProcesses
ShellExecuteW
PathMatchSpecW
VerQueryValueW
InternetQueryOptionW
CoInitialize
URLDownloadToFileW
PE exports
Number of PE resources by type
PNG 10
RT_DIALOG 2
RT_ICON 2
RT_MANIFEST 2
TYPELIB 1
RT_MENU 1
REGISTRY 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 22
PE resources
ExifTool file metadata
SubsystemVersion
5.0

Comments
This file is part of the OpenCandy SDK. The OpenCandy SDK is used by software publishers to recommend software or services in their products. For more information visit http://opencandy.com

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.6.1.138

LanguageCode
English (U.S.)

FileFlagsMask
0x0017

FileDescription
Client library (p29)

ImageFileCharacteristics
Executable, 32-bit, DLL

CharacterSet
Unicode

InitializedDataSize
16384

EntryPoint
0xc6590

OriginalFileName
OCSetupHlp.dll

MIMEType
application/octet-stream

LegalCopyright
Copyright (c) 2008 - 2011 OpenCandy, Inc.

FileVersion
1.6.1.138

TimeStamp
2012:02:03 02:21:13+01:00

FileType
Win32 DLL

PEType
PE32

InternalName
OCSetupHlp

ProductVersion
1.6.1.138

UninitializedDataSize
532480

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
OpenCandy, Inc.

CodeSize
282624

ProductName
OCSetupHlp

ProductVersionNumber
1.6.1.138

FileTypeExtension
dll

ObjectFileType
Dynamic link library

Execution parents
Compressed bundles
PCAP parents
File identification
MD5 7a9bf84ae6f5793548177fb6998ce922
SHA1 52f3182e4cd4058d14afd9e40b14fed9d9b1494b
SHA256 6b85f7a8a87270292f546cd1de615e594a37e518c4d0d35d136a52a0cc934c80
ssdeep
6144:Aicn+KIMUQ2VaHH7Id+WqUhK5Vz7LWlIw5ADCljdhwxa3ETL/iGb/35oSB:o+KIMP2MHxWq4Krz7LWl5m2lExnqGj5n

authentihash 3d3923edd861d476726f6383deb093f1080ca3796e73ef3e4f204b548f5e7118
imphash 3a0a387ce8191932e2f919492d633c99
File size 293.0 KB ( 300032 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
OS/2 Executable (generic) (2.8%)
Tags
overlay pedll via-tor

VirusTotal metadata
First submission 2012-08-06 11:55:36 UTC ( 6 years, 9 months ago )
Last submission 2018-05-14 23:59:25 UTC ( 1 year ago )
File names utt53c7.tmp
utta751.tmp
uttc1a9.tmp
utt4a3e.tmp
utt33e6.tmp
uttdaa.tmp
utt408c.tmp
utt84fd.tmp
utt47e2.tmp
utta5ab.tmp
uttc9a.tmp
uttb0ee.tmp
utt9048.tmp
uttd0c6.tmp
utt3ed.tmp
utt810e.tmp
utt4153.tmp
utt5068.tmp
uttdad2.tmp
utt140C.tmp
utt2357.tmp
utt55e3.tmp
utt1935.tmp
uttbfdc.tmp
utt7d7f.tmp
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua

Symantec reputation Suspicious.Insight