anysendsvc.exe

ClickMeIn Limited

The application anysendsvc.exe, “AnySend Sender Service” by ClickMeIn Limited, has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a separate Windows service (within the context of its own process) named “AnySend”. While running, it connects to the Internet address dl3.clickmein.com on port 80 using the HTTP protocol.
Publisher:
ClickMeIn Limited  (signed and verified)

Description:
AnySend Sender Service

Version:
1.0.0.49

MD5:
58879e11d7bd43f7dc5f149801ea1165

SHA-1:
b4a7684aa6078f76a017d481e66704365a374838

SHA-256:
458712991b9d6b005fa9d61b9ffaf78e2ca0a5807d69a075ab5e1f9e55b8eb1b

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we consider this file unwanted.

Analysis date:
11/23/2024 11:01:35 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ClickMeInLimited.K

Engine version:
14.2.19.12

File size:
3.5 MB (3,670,640 bytes)

Product version:
1.0.0.49

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\anysend\anysendsvc.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
1/12/2012 1:00:00 AM

Valid to:
3/3/2015 12:59:59 AM

Subject:
CN=ClickMeIn Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=ClickMeIn Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0181B78FA98E62B38390017BFFA25E8C

File PE Metadata
Compilation timestamp:
8/6/2013 2:38:02 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:QqZWh4S7AmknDjMYtYrzDdh2JAzU97xPFG/IdNm6Xk4GAk:Q83cvrzDdTzUJHtLby

Entry address:
0x2FEB3C

Entry point:
55, 8B, EC, 83, C4, F0, 53, 56, B8, 24, A2, 6E, 00, E8, 76, C8, D0, FF, 8B, 1D, 7C, 95, 70, 00, E8, D3, EB, F8, FF, 84, C0, 74, 66, 8B, 03, E8, 84, 67, D0, FF, 33, C0, 89, 03, A1, 88, 95, 70, 00, 8B, 00, BA, 48, EC, 6F, 00, E8, F7, AD, DD, FF, A1, 88, 95, 70, 00, 8B, 00, E8, CF, B3, DD, FF, 8B, 0D, 68, 97, 70, 00, A1, 88, 95, 70, 00, 8B, 00, 8B, 15, 3C, 5E, 6D, 00, E8, CF, B3, DD, FF, 8B, 0D, DC, 97, 70, 00, A1, 88, 95, 70, 00, 8B, 00, 8B, 15, 34, 35, 6E, 00, E8, B7, B3, DD, FF, A1, 88, 95, 70, 00, 8B, 00...

Code size:
3 MB (3,133,440 bytes)

Service
Display name:
AnySend

Service name:
AnySendService

Type:
Win32OwnProcess


The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to pc-30-72-101-190.cm.vtr.net  (190.101.72.30:8195)

TCP:
Connects to 18.57.190.94.interra.ru  (94.190.57.18:8195)

TCP (HTTP):
Connects to dl3.clickmein.com  (199.189.107.164:80)

TCP:
Connects to r191-pw-piqueri.ibys.com.br  (189.76.62.182:8195)

TCP:
Connects to l5-129-38-124.cn.ru  (5.129.38.124:8195)

TCP:
Connects to dynamicip-188-235-29-199.pppoe.voronezh.ertelecom.ru  (188.235.29.199:8195)

TCP:
Connects to a89-152-196-246.cpe.netcabo.pt  (89.152.196.246:8195)

TCP:
Connects to 37-229-244-189.broadband.kyivstar.net  (37.229.244.189:8195)

TCP:
Connects to 217-17.126-126.kovrovinter.net  (217.17.126.126:8195)

TCP:
Connects to vpn-226.surguttel.ru  (217.8.93.226:8195)

TCP:
Connects to tkacheva.rzn.ru  (80.72.126.186:29837)

TCP:
Connects to pppoe-217-23-74-113-fix-srv.volgaline.ru  (217.23.74.113:8195)

TCP:
Connects to PPPoE-188.0.9.76-IP.RastrNET.RU  (188.0.9.76:29837)

TCP:
Connects to p4181-ipbf505hiraide.tochigi.ocn.ne.jp  (118.6.55.181:8195)

TCP:
Connects to net-37-116-39-165.cust.vodafonedsl.it  (37.116.39.165:8195)

TCP:
Connects to net123.235.188-233.ertelecom.ru  (188.235.123.233:8195)

TCP:
Connects to l37-194-43-105.novotelecom.ru  (37.194.43.105:8195)

TCP:
Connects to ip-176-193-95-102.bb.netbynet.ru  (176.193.95.102:29837)

TCP:
Connects to i02m-62-34-165-41.d4.club-internet.fr  (62.34.165.41:8195)

TCP:
Connects to host-static-92-115-221-82.moldtelecom.md  (92.115.221.82:8195)

Remove anysendsvc.exe - Powered by Reason Core Security