Malware

Win32/OpenCandy potentially unwanted malicious file

Malware Removal

The Win32/OpenCandy potentially unwanted is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Win32/OpenCandy potentially unwanted virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • A file was accessed within the Public folder.
  • Sample contains Overlay data
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Attempts to modify proxy settings
  • Deletes executed files from disk
  • Touches a file containing cookies, possibly for information gathering

How to determine Win32/OpenCandy potentially unwanted?



File Info:

name: A2A726D5AFF54A743761.mlw
path: /opt/CAPEv2/storage/binaries/446d54aaec3bd67e754335e3a77cb487cb9780797f793d87241f20563821fb69
crc32: F77C7F6F
md5: a2a726d5aff54a7437612696d4d8b296
sha1: 8afc97047a0c4c5e7ad41820fce2097498362c7a
sha256: 446d54aaec3bd67e754335e3a77cb487cb9780797f793d87241f20563821fb69
sha512: a3982ccd9e926e6f619391c6f503980ee33f10277d942b805c0389640324df908129000cbc2e10875493f9f76fb0aadf329e0108d8d90414ba059204ef7259f5
ssdeep: 98304:QYyHGMgJ29hWAQCNjBoN1v9A8NRIXZciwUWqQjBlo4JC3+H9uYFoLNTMY1A93:2yiSNhlSZZwUxIBm44suBpX+93
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1C836338F5491533BDC6A9BB27D86684008B3E06348683116360DE5AE6EE357C793F36F
sha3_384: 40f2947aa709ef626593e03869a21ad0dc188dca73c66fe90e727928aa1bf2caa40f26b5a082a18f6809122370414d34
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 1992-06-19 22:22:17


Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: Phyxion.net                                                 
FileDescription: Checksum Verify Setup                                       
FileVersion:                     
LegalCopyright:                                                                                                     
ProductName: Checksum Verify                                             
ProductVersion: 1.1.0               
Translation: 0x0000 0x04b0

Win32/OpenCandy potentially unwanted also known as:

Cylanceunsafe
SangforAdware.Win32.Opencandy.Vtge
AlibabaDownloader:Win32/OpenCandy.20734e65
CrowdStrikewin/grayware_confidence_60% (D)
ESET-NOD32Win32/OpenCandy potentially unwanted
ZillyaTrojan.Black.Win32.45021
EmsisoftApplication.AdInstall (A)
WebrootW32.Adware.Gen
GoogleDetected
AviraPUA/OpenCandy.Gen
Antiy-AVLGrayWare[AdWare]/Win32.OpenCandy.a
MicrosoftPUABundler:Win32/CandyOpen
ViRobotAdware.Opencandy.5291841
GDataWin32.Adware.OpenCandy.D
VaristW32/OpenCandy.K.gen!Eldorado
DeepInstinctMALICIOUS
IkarusPUA.OpenCandy
MaxSecureTrojan.Malware.117605821.susgen

How to remove Win32/OpenCandy potentially unwanted?

Win32/OpenCandy potentially unwanted removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment