anysendui.exe

ClickMeIn Limited

The application anysendui.exe, “AnySend User interface” by ClickMeIn Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘AnySend User Interface’. While running, it connects to the Internet address dl6.clickmein.com on port 80 using the HTTP protocol.
Publisher:
ClickMeIn Limited  (signed and verified)

Description:
AnySend User interface

Version:
1.0.0.49

MD5:
254935c4969e78cfe09267ef4c8492d0

SHA-1:
1cdcede58c2b6a38b930a9d8a0092c80ebe04cf1

SHA-256:
f29bd777ece9e4d1c0166631ac21c2dc51e3a3cffa3c25d2378a0b17f828560a

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/24/2024 4:16:19 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.ClickMeInLimited.J
14.2.19.12

File size:
6.7 MB (7,033,968 bytes)

Product version:
1.0.0.49

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\anysend\anysendui.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
1/12/2012 1:00:00 AM

Valid to:
3/3/2015 12:59:59 AM

Subject:
CN=ClickMeIn Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=ClickMeIn Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0181B78FA98E62B38390017BFFA25E8C

File PE Metadata
Compilation timestamp:
8/6/2013 2:38:42 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:/fPGYVN99+yNdfc4UUtzTZaD48mMFCELj5WyHoTfmDJ:x7dUSTqA0j5WmoTfmF

Entry address:
0x428A28

Entry point:
55, 8B, EC, B9, 04, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, B8, 78, FA, 80, 00, E8, B9, 38, BE, FF, 8B, 1D, 94, 04, 84, 00, 33, C0, 55, 68, A4, 8B, 82, 00, 64, FF, 30, 64, 89, 20, 8D, 55, E8, B8, 01, 00, 00, 00, E8, BC, BE, BD, FF, 8B, 45, E8, 8D, 55, EC, E8, 19, CF, BE, FF, 8B, 45, EC, BA, C0, 8B, 82, 00, E8, 90, FD, BD, FF, 75, 28, 8D, 55, E4, B8, 02, 00, 00, 00, E8, 95, BE, BD, FF, 8B, 4D, E4, B2, 01, A1, 9C, F4, 80, 00, E8, 4E, 6B, FE, FF, 68, 10, 27, 00, 00, E8, 98, 7F, BF, FF, EB, F4, E8, 9D...
 
[+]

Code size:
4.2 MB (4,357,632 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
AnySend User Interface

Command:
C:\Program Files\anysend\anysendui.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to dl6.clickmein.com  (206.190.150.70:80)

TCP (HTTP):
Connects to dl5.clickmein.com  (173.193.214.228:80)

Remove anysendui.exe - Powered by Reason Core Security