avc-free.exe

Sample information


22

Antivirus detections

0

IDS alerts

3

Processes

0

Http events

0

Contacted hosts

1

DNS Requests

    10


    Score

Current activity of this Sample



Blacklist timeline


First seen: Mon Jul 14 2025 10:21:06 GMT+0000
Last seen: Mon Jul 14 2025 11:45:10 GMT+0000
Period: an hour

Hashes
Filename:
avc-free.exe
md5:
e5aa31726d70cc4065e80c3a5f3e92f6
sha1:
78d6d813a11dd67e1154b386f8430fcc9f6b0efa
sha256:
71d7d4fd3dbc20da9d12b8b4762e661a80b938118ecbca3ec408d7abcab23748

In depth details
Filetype:
PE32 executable (GUI) Intel 80386, for MS Windows, ...
Size (Bytes):
35631456
Classification:
malicious

Dates
Indexed:
Mon Jul 14 2025 10:08:15 GMT+0000 (2 months ago)
Last modified:
Mon Jul 14 2025 11:45:11 GMT+0000 (2 months ago)

Developers can check API Specification here:


Request:

          
# Fetch the sample record by SHA-256; the API key goes in a bearer token header.
curl --header "Authorization: Bearer <API_KEY>" "https://api.maltiverse.com/sample/71d7d4fd3dbc20da9d12b8b4762e661a80b938118ecbca3ec408d7abcab23748"
        

Request:

Alternatively, you can use the Maltiverse Python3 library:
          
import requests
import json

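# Sample lookup by SHA-256, matching the curl and PowerShell examples above.
url = 'https://api.maltiverse.com/sample/71d7d4fd3dbc20da9d12b8b4762e661a80b938118ecbca3ec408d7abcab23748'

# The other two examples on this page send a bearer token; without it this
# request is unauthenticated. <API_KEY> is a placeholder -- load the real key
# from an environment variable or secret store rather than hard-coding it.
headers = {'Authorization': 'Bearer <API_KEY>'}

# A timeout keeps the script from hanging indefinitely if the API does not answer.
response = requests.get(url, headers=headers, timeout=30)
# Fail loudly on 4xx/5xx instead of trying to parse an error page as JSON.
response.raise_for_status()

print(json.dumps(response.json(), indent=4, sort_keys=True))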
        

Request:

          
# Sample lookup by SHA-256; <API_KEY> is a placeholder for the caller's Maltiverse key.
$url = 'https://api.maltiverse.com/sample/71d7d4fd3dbc20da9d12b8b4762e661a80b938118ecbca3ec408d7abcab23748'
$headers = @{
    Authorization = ("Bearer {0}" -f "<API_KEY>")
}
# Invoke-RestMethod parses the JSON body into a PowerShell object, which is then emitted.
Invoke-RestMethod -Uri $url -Method Get -Headers $headers | Write-Output
        

Response:

      
{
    "antivirus": [
        {
            "description": "PUA/OpenCandy.Gen",
            "name": "Avira"
        },
        {
            "description": "exe.adware.opencandy",
            "name": "CTX"
        },
        {
            "description": "win/grayware_confidence_100% (W)",
            "name": "CrowdStrike"
        },
        {
            "description": "Unsafe",
            "name": "Cylance"
        },
        {
            "description": "MALICIOUS",
            "name": "DeepInstinct"
        },
        {
            "description": "Win32/OpenCandy potentially unwanted",
            "name": "ESET-NOD32"
        },
        {
            "description": "Application.AdInstall (A)",
            "name": "Emsisoft"
        },
        {
            "description": "PotentialRisk.PUA/OpenCandy.Gen",
            "name": "F-Secure"
        },
        {
            "description": "Adware/OpenCandy",
            "name": "Fortinet"
        },
        {
            "description": "Win32.Adware.OpenCandy.P",
            "name": "GData"
        },
        {
            "description": "Detected",
            "name": "Google"
        },
        {
            "description": "PUA.OpenCandy",
            "name": "Ikarus"
        },
        {
            "description": "not-a-virus:AdWare.Win32.OpenCandy.jpn",
            "name": "Kaspersky"
        },
        {
            "description": "Trojan.Malware.237902066.susgen",
            "name": "MaxSecure"
        },
        {
            "description": "PUABundler:Win32/CandyOpen",
            "name": "Microsoft"
        },
        {
            "description": "Riskware.Win32.OpenCandy.eyvgvg",
            "name": "NANO-Antivirus"
        },
        {
            "description": "Win32.Adware.Opencandy.Jqil",
            "name": "Tencent"
        },
        {
            "description": "ADW_OPENCANDY",
            "name": "TrendMicro"
        },
        {
            "description": "ADW_OPENCANDY",
            "name": "TrendMicro-HouseCall"
        },
        {
            "description": "AdWare.OpenCandy",
            "name": "VBA32"
        },
        {
            "description": "W32/OpenCandy.J.gen!Eldorado",
            "name": "Varist"
        },
        {
            "description": "Adware/OpenCandy.d",
            "name": "huorong"
        }
    ],
    "blacklist": [
        {
            "count": 8,
            "description": "Generic Malware",
            "first_seen": "2025-07-14 10:21:06",
            "last_seen": "2025-07-14 11:45:10",
            "ref": [
                21745
            ],
            "source": "Hybrid-Analysis"
        }
    ],
    "classification": "malicious",
    "creation_time": "2025-07-14 10:08:15",
    "dns_request": [
        "api.opencandy.com"
    ],
    "filename": [
        "avc-free.exe"
    ],
    "filetype": "PE32 executable (GUI) Intel 80386, for MS Windows, ...",
    "is_alive": false,
    "is_cdn": false,
    "is_cnc": false,
    "is_distributing_malware": false,
    "is_hosting": false,
    "is_iot_threat": false,
    "is_known_attacker": false,
    "is_known_scanner": false,
    "is_mining_pool": false,
    "is_open_proxy": false,
    "is_phishing": false,
    "is_sinkhole": false,
    "is_storing_phishing": false,
    "is_tor_node": false,
    "is_vpn_node": false,
    "md5": "e5aa31726d70cc4065e80c3a5f3e92f6",
    "modification_time": "2025-07-14 11:45:11",
    "process_list": [
        {
            "name": "avc-free.exe",
            "normalizedpath": "C:\\avc-free.exe",
            "sha256": "71d7d4fd3dbc20da9d12b8b4762e661a80b938118ecbca3ec408d7abcab23748",
            "uid": "00000000-00007788"
        },
        {
            "commandline": "/SL5=\"$501FA,35061691,130560,C:\\avc-free.exe\"",
            "name": "avc-free.tmp",
            "normalizedpath": "%TEMP%\\is-QVGQT.tmp\\avc-free.tmp",
            "sha256": "2e403106b88b3cee1f2b127e1eb9826252e37ba88890b9248077cadd6198f3b6",
            "uid": "00000000-00006304"
        },
        {
            "commandline": "\"%TEMP%\\is-F987L.tmp\\OCSetupHlp.dll\",_OCPRD1554OpenCandy2@16 6304,2B99812857C6454DA4693089033E450A,7763BB10A2E5407FADB0675EF536C0ED,421DE23C6193481AAEA62DADFAA8B1E6",
            "name": "RunDll32.exe",
            "normalizedpath": "%WINDIR%\\SysWOW64\\RunDll32.exe",
            "sha256": "de51bae08fd7318c988ef54511b5c08d8c3d9bbb2fc03d76d97116a79afb9e81",
            "uid": "00000000-00004536"
        }
    ],
    "score": 10,
    "scoring_executed_time": "2025-07-14 10:21:08",
    "sha1": "78d6d813a11dd67e1154b386f8430fcc9f6b0efa",
    "sha256": "71d7d4fd3dbc20da9d12b8b4762e661a80b938118ecbca3ec408d7abcab23748",
    "size": 35631456,
    "tag": [
        "evasive",
        "windows-server-utility"
    ],
    "type": "sample"
}
    
Network contacts
DNS Requests
api.opencandy.com
Contacted Hosts
Process list
uid
00000000-00007788
commandline
name
avc-free.exe
normalizedpath
C:\avc-free.exe
sha256
71d7d4fd3dbc20da9d12b8b4762e661a80b938118ecbca3ec408d7abcab23748
uid
00000000-00006304
commandline
/SL5="$501FA,35061691,130560,C:\avc-free.exe"
name
avc-free.tmp
normalizedpath
%TEMP%\is-QVGQT.tmp\avc-free.tmp
sha256
2e403106b88b3cee1f2b127e1eb9826252e37ba88890b9248077cadd6198f3b6
uid
00000000-00004536
commandline
"%TEMP%\is-F987L.tmp\OCSetupHlp.dll",_OCPRD1554OpenCandy2@16 6304,2B99812857C6454DA4693089033E450A,7763BB10A2E5407FADB0675EF536C0ED,421DE23C6193481AAEA62DADFAA8B1E6
name
RunDll32.exe
normalizedpath
%WINDIR%\SysWOW64\RunDll32.exe
sha256
de51bae08fd7318c988ef54511b5c08d8c3d9bbb2fc03d76d97116a79afb9e81