SHA256: ab7c0db542078184fb7bdd1e6a9c741979f2b64ab9cbc32e3771e112482b6ec7
File name: ab7c0db542078184fb7bdd1e6a9c741979f2b64ab9cbc32e3771e112482b6ec7.bin
Detection ratio: 22 / 68
Analysis date: 2018-07-23 02:15:07 UTC ( 2 months, 3 weeks ago )
Antivirus Result Update
Antiy-AVL GrayWare[Adware]/Win32.OpenCandy.heur 20180723
CAT-QuickHeal Trojan.CGeneric 20180722
Cyren W32/OpenCandy.E.gen!Eldorado 20180722
DrWeb Adware.OpenCandy.55 20180722
Emsisoft Application.OpenCandy (A) 20180722
Endgame malicious (high confidence) 20180711
ESET-NOD32 a variant of Win32/OpenCandy.A potentially unsafe 20180723
F-Prot W32/OpenCandy.E.gen!Eldorado 20180722
Fortinet Riskware/OpenCandy_A 20180722
GData Win32.Application.OpenCandy.O 20180722
K7AntiVirus Unwanted-Program ( 004bc62d1 ) 20180722
K7GW Unwanted-Program ( 004bc62d1 ) 20180723
Malwarebytes PUP.Optional.OpenCandy 20180723
MAX malware (ai score=99) 20180723
Microsoft PUA:Win32/CandyOpen 20180722
NANO-Antivirus Riskware.Win32.OpenCandy.dqfxyu 20180723
Palo Alto Networks (Known Signatures) generic.ml 20180723
Rising Malware.Undefined!8.C (C64:YzY0OpaoLX4nV2fY) 20180723
Sophos AV Generic PUA NI (PUA) 20180723
SUPERAntiSpyware PUP.OpenCandy/Variant 20180722
VBA32 Adware.OpenCandy 20180720
Webroot Pua.Open.Candy 20180723
Ad-Aware 20180723
AegisLab 20180723
AhnLab-V3 20180722
Alibaba 20180713
ALYac 20180723
Arcabit 20180723
Avast 20180723
Avast-Mobile 20180722
AVG 20180723
Avira (no cloud) 20180722
AVware 20180723
Babable 20180406
Baidu 20180723
BitDefender 20180723
Bkav 20180719
ClamAV 20180723
CMC 20180722
Comodo 20180723
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cylance 20180723
eGambit 20180723
F-Secure 20180722
Ikarus 20180722
Sophos ML 20180717
Jiangmin 20180723
Kaspersky 20180722
Kingsoft 20180723
McAfee 20180722
McAfee-GW-Edition 20180722
eScan 20180722
Panda 20180722
Qihoo-360 20180723
SentinelOne (Static ML) 20180701
Symantec 20180722
TACHYON 20180723
Tencent 20180723
TheHacker 20180722
TotalDefense 20180722
TrendMicro 20180723
TrendMicro-HouseCall 20180723
Trustlook 20180723
VIPRE 20180723
ViRobot 20180722
Yandex 20180720
Zillya 20180720
ZoneAlarm by Check Point 20180722
Zoner 20180723
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signature verification Signed file, verified signature
Signing date 1:12 PM 10/21/2014
Signers
[+] 3DP
Status This certificate or one of the certificates in the certificate chain is not time valid. (The 3DP signer certificate below expired on 10/21/2015, so it is expired at the 2018 analysis date; the signature still verifies because the Symantec countersignature listed under "Counter signers" fixes the signing time, 10/21/2014, inside that certificate's validity window. This is a timestamped signature with an expired signer, not a broken signature.)
Issuer GlobalSign CodeSigning CA - SHA256 - G2
Valid from 7:42 AM 10/20/2014
Valid to 7:42 AM 10/21/2015
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint B74562F3C11E4CEAFC0E40A1CE8C92C756954374
Serial number 11 21 46 52 8C 53 F3 41 14 1E AD AD 29 46 A5 88 F3 FD
[+] GlobalSign CodeSigning CA - SHA256 - G2
Status Valid
Issuer GlobalSign
Valid from 11:00 AM 8/2/2011
Valid to 11:00 AM 8/2/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 4E34C4841080D07059EFC1F3C5DE4D79905A36FF
Serial number 04 00 00 00 00 01 31 89 C6 37 E8
[+] GlobalSign Root CA - R3
Status Valid
Issuer GlobalSign
Valid from 11:00 AM 3/18/2009
Valid to 11:00 AM 3/18/2029
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha256RSA
Thumbprint D69B561148F01C77C54578C10926DF5B856976AD
Serial number 04 00 00 00 00 01 21 58 53 08 A2
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
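The certificate block above raises the question a reviewer actually cares about: the signer certificate has expired, so why does the report still say "verified signature"? The answer is the countersignature. The following Python is an added example, not part of the VirusTotal report, that models the time-validity part of that decision with the validity windows transcribed from the block above (displayed local times, taken as-is). The policy it implements is a deliberate simplification and is labelled as an assumption in the code: real WinVerifyTrust also checks trust anchors, revocation, EKU and the signature bytes themselves, none of which this example touches.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional, Sequence


@dataclass(frozen=True)
class Cert:
    subject: str
    not_before: datetime
    not_after: datetime

    def time_valid_at(self, when: datetime) -> bool:
        return self.not_before <= when <= self.not_after


def chain_time_valid_at(chain: Sequence[Cert], when: datetime) -> bool:
    """Every certificate in the chain (leaf .. root) must cover `when`."""
    return all(c.time_valid_at(when) for c in chain)


def evaluate_authenticode(signer_chain: Sequence[Cert], verify_time: datetime,
                          timestamp_time: Optional[datetime] = None,
                          tsa_chain: Sequence[Cert] = ()) -> str:
    """Simplified time-validity policy (an assumption for this example, not
    the Windows implementation):
      * without a countersignature the signer chain must be valid at the
        time of verification;
      * with a countersignature the signer chain is judged at the time the
        timestamp authority attested, and the TSA chain must itself be valid
        at that time.
    """
    if chain_time_valid_at(signer_chain, verify_time):
        return "valid"
    if timestamp_time is None:
        return "not-time-valid"
    if not chain_time_valid_at(tsa_chain, timestamp_time):
        return "timestamp-invalid"
    if chain_time_valid_at(signer_chain, timestamp_time):
        return "valid-timestamped"
    return "not-time-valid"


# Validity windows transcribed from the report's certificate block.
SIGNER_CHAIN = (
    Cert("3DP", datetime(2014, 10, 20, 7, 42), datetime(2015, 10, 21, 7, 42)),
    Cert("GlobalSign CodeSigning CA - SHA256 - G2",
         datetime(2011, 8, 2, 11, 0), datetime(2019, 8, 2, 11, 0)),
    Cert("GlobalSign Root CA - R3",
         datetime(2009, 3, 18, 11, 0), datetime(2029, 3, 18, 11, 0)),
)
TSA_CHAIN = (
    Cert("Symantec Time Stamping Services Signer - G4",
         datetime(2012, 10, 18, 1, 0), datetime(2020, 12, 30, 0, 59)),
    Cert("Symantec Time Stamping Services CA - G2",
         datetime(2012, 12, 21, 1, 0), datetime(2020, 12, 31, 0, 59)),
    Cert("Thawte Timestamping CA",
         datetime(1997, 1, 1, 1, 0), datetime(2021, 1, 1, 0, 59)),
)
SIGNING_TIME = datetime(2014, 10, 21, 13, 12)   # "Signing date" in the report
ANALYSIS_TIME = datetime(2018, 7, 23, 2, 15)    # "Analysis date" in the report


def report_verdicts() -> dict:
    """The scenarios a reviewer compares when reading the block above."""
    return {
        # what VirusTotal saw: expired signer, countersigned inside its window
        "analysed_with_countersignature":
            evaluate_authenticode(SIGNER_CHAIN, ANALYSIS_TIME, SIGNING_TIME, TSA_CHAIN),
        # same file if the countersignature were missing or stripped
        "analysed_without_countersignature":
            evaluate_authenticode(SIGNER_CHAIN, ANALYSIS_TIME),
        # verification while the signer certificate was still current
        "within_signer_validity":
            evaluate_authenticode(SIGNER_CHAIN, datetime(2015, 1, 1)),
        # a timestamp obtained only after the signer certificate had expired
        "countersigned_after_signer_expiry":
            evaluate_authenticode(SIGNER_CHAIN, ANALYSIS_TIME, datetime(2016, 1, 1), TSA_CHAIN),
    }


if __name__ == "__main__":
    for scenario, verdict in report_verdicts().items():
        print(f"{scenario}: {verdict}")
```

The practical reading: an expired signer certificate on its own is not evidence of tampering, but a file whose only timestamp post-dates the signer's expiry, or that has no countersignature at all, would fail the same check and should be treated as unsigned.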
Packers identified
F-PROT UPX, NSIS, appended, Malware_Prot.AJ, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-02-24 19:19:59 (this is the link time of the prebuilt NSIS stub the installer was assembled from, not the time the package itself was built; the signing date above, 10/21/2014, is the better indicator of when this build was produced)
Entry Point 0x000039E3
Number of sections 6
PE sections
Overlays
MD5 b915b2724169682dcec4d00e2f7eef2c
File type data
Offset 64000
Size 3172208
Entropy 8.00
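The three overlay numbers above are worth being able to reproduce: the offset is decimal (64000 + 3172208 = 3236208, which is the file size reported further down), and an entropy of 8.00 over 3.1 MB is the compressed NSIS archive that the F-PROT packer line identifies as "NSIS, appended". The Python below is an added example, not code from the VirusTotal report: a dependency-free section-table walk that locates the overlay and computes its Shannon entropy, exercised on a hand-built PE32 fixture constructed inline because the sample itself is not on this page.

```python
import math
import struct
from collections import Counter


def overlay_offset(data: bytes) -> int:
    """Offset of the first byte after the last section's raw data.

    Walks DOS header -> PE signature -> COFF header -> section table by
    hand, so no pefile dependency.  Returns 0 when nothing follows the
    sections.  The Authenticode blob of a signed file also lives in this
    trailing region, which is why signed installers always have an overlay.
    """
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    section_table = coff + 20 + size_of_optional
    end = 0
    for i in range(num_sections):
        entry = section_table + i * 40
        # IMAGE_SECTION_HEADER: SizeOfRawData at +16, PointerToRawData at +20
        raw_size, raw_ptr = struct.unpack_from("<II", data, entry + 16)
        end = max(end, raw_ptr + raw_size)
    return end if end < len(data) else 0


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte, 0.0 .. 8.0.  8.0 means every byte value is equally
    likely, which in practice is compressed or encrypted data."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def analyse_overlay(data: bytes) -> dict:
    """Same three figures the report prints: offset, size, entropy."""
    off = overlay_offset(data)
    tail = data[off:] if off else b""
    return {"offset": off, "size": len(tail),
            "entropy": round(shannon_entropy(tail), 2)}


def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed fixture: a PE32 with one 512-byte .text section and the
    given overlay appended.  Not a real program, just enough header for the
    parser above."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0  # PE32 optional header size
    # Machine, NumberOfSections, TimeDateStamp, PtrToSymTab, NumSyms, SizeOfOptHdr, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x102)
    optional = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    raw_ptr = raw_size = 0x200
    section = b".text\0\0\0" + struct.pack(
        "<IIIIIIHHI", raw_size, 0x1000, raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + optional + section).ljust(raw_ptr, b"\0")
    return headers + b"\xCC" * raw_size + overlay


if __name__ == "__main__":
    # A uniform byte distribution stands in for the compressed NSIS archive.
    print(analyse_overlay(build_sample_pe(bytes(range(256)) * 4)))
    # {'offset': 1024, 'size': 1024, 'entropy': 8.0}
    print(analyse_overlay(build_sample_pe(b"")))
    # {'offset': 0, 'size': 0, 'entropy': 0.0}
```

Run against a real installer, the entropy figure tells you whether the overlay is worth carving as-is (text, scripts, a plain ZIP will read well below 8) or has to be unpacked with the right tool first; for an NSIS payload like this one, 7-Zip or an NSIS decompiler on the file is the next step, not a hex editor.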
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegEnumValueW
RegOpenKeyExW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
CreateFontIndirectW
SetBkMode
CreateBrushIndirect
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetLastError
WriteFile
CopyFileW
GetShortPathNameW
LoadLibraryA
lstrlenA
GetModuleFileNameW
GlobalFree
WaitForSingleObject
GetVersionExW
GetExitCodeProcess
FindFirstFileW
ExitProcess
GlobalUnlock
GetFileAttributesW
lstrlenW
GetCurrentProcess
CompareFileTime
FindNextFileW
GetFileSize
OpenProcess
SetFileTime
GetCommandLineW
GetWindowsDirectoryW
SetErrorMode
MultiByteToWideChar
CreateDirectoryW
SetFilePointer
GlobalLock
GetPrivateProfileStringW
WritePrivateProfileStringW
GetTempFileNameW
lstrcpynW
RemoveDirectoryW
ExpandEnvironmentStringsW
lstrcpyW
GetFullPathNameW
lstrcmpiA
CreateThread
LoadLibraryW
GetModuleHandleA
GetSystemDirectoryW
GetDiskFreeSpaceW
ReadFile
GetTempPathW
CloseHandle
DeleteFileW
lstrcmpA
lstrcmpW
GetModuleHandleW
lstrcatW
lstrcpynA
FreeLibrary
SearchPathW
WideCharToMultiByte
lstrcmpiW
SetCurrentDirectoryW
lstrcpyA
CreateFileW
GlobalAlloc
CreateProcessW
FindClose
Sleep
MoveFileW
SetFileAttributesW
GetTickCount
GetVersion
GetProcAddress
LoadLibraryExW
MulDiv
SHBrowseForFolderW
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
EmptyClipboard
GetMessagePos
EndPaint
EndDialog
LoadBitmapW
SetClassLongW
DefWindowProcW
CharPrevW
PostQuitMessage
ShowWindow
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
EnableWindow
GetDC
CharUpperW
DialogBoxParamW
GetClassInfoW
AppendMenuW
CharNextW
IsWindowEnabled
GetDlgItemTextW
MessageBoxIndirectW
GetSysColor
CheckDlgButton
DispatchMessageW
GetAsyncKeyState
BeginPaint
CreatePopupMenu
SendMessageW
SetCursor
SetClipboardData
GetWindowLongW
FindWindowExW
IsWindowVisible
SetForegroundWindow
SetWindowTextW
GetDlgItem
SystemParametersInfoW
LoadImageW
EnableMenuItem
ScreenToClient
InvalidateRect
CreateDialogParamW
wsprintfA
SetTimer
CallWindowProcW
TrackPopupMenu
RegisterClassW
FillRect
IsDlgButtonChecked
CharNextA
SetDlgItemTextW
LoadCursorW
GetSystemMenu
SendMessageTimeoutW
CreateWindowExW
wsprintfW
CloseClipboard
GetClientRect
DrawTextW
DestroyWindow
ExitWindowsEx
OpenClipboard
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
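The import list above is exactly what feeds the imphash value shown under "File identification" (32f3282581436269b3a75b6675fe3e08). The Python below is an added example, not code from the VirusTotal report, showing the canonicalisation that goes into that hash. The report does not show which module each symbol comes from, so the module grouping in the constructed sample is an assumption based on where an NSIS stub normally imports these functions, and the ordinal translation table that pefile applies to a few ws2_32/oleaut32 ordinals is omitted.

```python
import hashlib

# pefile strips exactly these extensions from the module name before hashing.
_STRIPPED_EXTS = (".dll", ".ocx", ".sys")


def imphash_string(imports) -> str:
    """Canonical string that imphash hashes: "module.symbol" entries, all
    lower case, module extension stripped, ordinals rendered as ordNN,
    joined by commas in import-table order.  `imports` is an iterable of
    (module, symbol) pairs where symbol is a str name or an int ordinal.
    (pefile additionally maps a few well-known ws2_32/oleaut32 ordinals to
    names; that table is omitted here.)
    """
    parts = []
    for module, symbol in imports:
        name = module.lower()
        for ext in _STRIPPED_EXTS:
            if name.endswith(ext):
                name = name[: -len(ext)]
                break
        sym = f"ord{symbol}" if isinstance(symbol, int) else symbol.lower()
        parts.append(f"{name}.{sym}")
    return ",".join(parts)


def imphash(imports) -> str:
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed sample: a handful of the symbols listed above, attributed to
# the modules an NSIS stub normally imports them from (assumed grouping; the
# report does not show module names).
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "RegCreateKeyExW"),
    ("ADVAPI32.dll", "RegSetValueExW"),
    ("COMCTL32.dll", "ImageList_Create"),
    ("COMCTL32.dll", 17),                 # shown as Ord(17) in the report
    ("KERNEL32.dll", "LoadLibraryA"),
    ("KERNEL32.dll", "GetProcAddress"),
]


def order_sensitivity_demo() -> bool:
    """imphash is order-sensitive: the same symbols in a different import
    order hash differently, so a relinked build breaks clustering while a
    renamed or re-signed copy of the same binary does not."""
    return imphash(SAMPLE_IMPORTS) != imphash(list(reversed(SAMPLE_IMPORTS)))


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

The caveat for this particular file: every function above belongs to the generic NSIS stub, so its imphash fingerprints the NSIS version the installer was built with, not 3DP Chip or the OpenCandy payload. Pivoting on it in a threat-intel platform will return every installer built with that stub, benign and otherwise; the overlay hash or the signer thumbprint is a far tighter pivot here.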
Number of PE resources by type
RT_DIALOG 48
RT_ICON 3
RT_BITMAP 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 54
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:02:24 20:19:59+01:00
FileType Win32 EXE
PEType PE32
CodeSize 28672
LinkerVersion 10.0
FileTypeExtension exe
InitializedDataSize 445952
SubsystemVersion 5.0
EntryPoint 0x39e3
OSVersion 5.0
ImageVersion 6.0
UninitializedDataSize 16896
Execution parents
Compressed bundles
File identification
MD5 0726ec7142c07db7a861ac82b58d13ed
SHA1 a64c70af9b92ba8a23e6d2e76fbfaf3db18d7f9e
SHA256 ab7c0db542078184fb7bdd1e6a9c741979f2b64ab9cbc32e3771e112482b6ec7
ssdeep 98304:TMSvWG1lNhrpGKsrRORkwk8AjPx/UA3G//E/LSyU:ZekhriLp8AT5NCs/L4
authentihash 2f34ae7c6425460335c074b1f597177373f2b7fe09a7412eaf8527d99c77a8aa
imphash 32f3282581436269b3a75b6675fe3e08
File size 3.1 MB ( 3236208 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags nsis peexe signed upx overlay
VirusTotal metadata
First submission 2014-10-21 12:13:45 UTC ( 3 years, 12 months ago )
Last submission 2018-07-23 02:15:07 UTC ( 2 months, 3 weeks ago )
File names 3DP_Chip_v1410.exe
3DP_Chip_v1410 잉여들이 바이러스 있대서.exe
3DP_Chip_v1410.exe?token=1415637346_366d0bd239279e737fd7ccd837b3faaf&fileName=3DP_Chip_v1410.exe
3DP-Chipv1410.exe
3DP_Chip_v14.10.exe
3DP_Chip_v1410.exe?token=1414409720_e8712b942e02bc181973cf6b098c0b62&fileName=3DP_Chip_v1410.exe
3DP_Chip_v1410.exe
3dp-chip.exe
2831-3DP_Chip_v1410.exe
Setup_product_22663.exe
ab7c0db542078184fb7bdd1e6a9c741979f2b64ab9cbc32e3771e112482b6ec7.bin
solucion a tarjeta grafica vga actualizado.exe
filename
output.49049628.txt
file-7735527_exe
49049628
PUP-Optional-OpenCandy.exe
Acunetix.exe
6cce4d13d57dd00ba135acaec9dd6fb5c9afa8a5
3DP_Chip_v1410.exe?token=1415648087_80e67f06b5ce46f7f6f3902a54780c53&fileName=3DP_Chip_v1410.exe
Advanced heuristic and reputation engines
ClamAV Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Created processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function. DeviceIoControl is not among the static imports listed above, so the call is made either through GetProcAddress at run time or from a component the installer extracts and loads (NSIS installers load their plug-in DLLs from the payload with LoadLibrary, and both LoadLibraryA/W and GetProcAddress are in the import list).
HTTP requests
DNS requests
TCP connections