ccav_installer_236.exe

COMODO Cloud Antivirus

Comodo Security Solutions

This is a setup program which is used to install the application. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts.

Publisher:
COMODO  (signed by Comodo Security Solutions)

Product:
COMODO Cloud Antivirus

Version:
1, 2, 392126, 236

MD5:
c0aa7115c63c877ae328af33443511d9

SHA-1:
8e6f5751413396f29a84a9ff61fb7f8648930196

SHA-256:
d3978821d9926e4bb26083c8e7375deb5c4691eff08fe7f58c613f2c599c6a81

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 6:33:47 PM UTC

File size:
5.8 MB (6,122,984 bytes)

Product version:
1, 2, 392126, 236

Copyright:
2005-2016 COMODO. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ccav_installer_236.exe

Digital Signature

Authority:
COMODO CA Limited

Valid from:
1/4/2016 7:00:00 AM

Valid to:
1/1/2017 6:59:59 AM

Subject:
CN=Comodo Security Solutions, O=Comodo Security Solutions, STREET=1255 Broad St., STREET=Suite 100, L=Clifton, S=New Jersey, PostalCode=07013, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
474BF5DFD0395CA926B2F2367E46DCE8

File PE Metadata

Compilation timestamp:
2/18/2016 9:47:52 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
98304:XuOqiq2tDyWel2HllXTTPZI33/UItqcD9niDh5kW4G/qRq4rpJMJTeltxB:XlHDyxlm3XTjZ0vNjniDhcG/qRTKe3

Entry address:
0x1D0F6

Entry point:
E8, 88, 3C, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, F0, C1, 42, 00, E8, 24, 09, 00, 00, E8, 0F, 23, 00, 00, 0F, B7, F0, 6A, 02, E8, 1B, 3C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 75, 34, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
7.9932  (probably packed)

Code size:
141 KB (144,384 bytes)

The file ccav_installer_236.exe has been seen being distributed by the following 9 URLs.


Scan ccav_installer_236.exe - Powered by Reason Core Security