ccnfd_1_10_0_5.sys

Click Caption Driver x86

CLICKCAPTION

This is part of the InfoAtoms browser extension, which displays various forms of advertising in the web browser by injecting new ads such as banners, text links and search results. The file ccnfd_1_10_0_5.sys by CLICKCAPTION has been detected as adware by 12 anti-malware scanners. It runs as a Windows kernel-mode device driver named “ccnfd_1_10_0_5”.
Publisher:
CLICKCAPTION  (signed and verified)

Product:
Click Caption Driver x86

Version:
1.10.0.5

MD5:
517513301ff6289513178cd815db023a

SHA-1:
1a5c0c46a110a6d7e5d6214e59160ca9f1647b2c

SHA-256:
5246406a7625d4485f2219d5fb0fe1665d0a56e5b3e30ab035b1388a2d637438

Scanner detections:
12 / 68

Status:
Adware

Analysis date:
12/25/2024 1:11:03 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.Popad | 7.1.1 |
| Avira AntiVirus | Adware/Vitruvian.52728 | 7.11.197.44 |
| AVG | Clickcaption | 2015.0.3248 |
| Dr.Web | Adware.Popad.10 | 9.0.1.0360 |
| Fortinet FortiGate | Adware/Vitruvian | 12/26/2014 |
| IKARUS anti.virus | AdWare.Vitruvian | t3scan.1.8.5.0 |
| Kaspersky | not-a-virus:AdWare.Win32.Vitruvian | 14.0.0.2736 |
| Malwarebytes | PUP.Optional.ClickCaption.A | v2014.12.26.06 |
| McAfee | Artemis!517513301FF6 | 5600.6904 |
| Reason Heuristics | PUP.CLICKCAPTION.R | 14.12.26.18 |
| Trend Micro House Call | Suspicious_GEN.F47V1219 | 7.2.360 |
| Vba32 AntiVirus | AdWare.Vitruvian | 3.12.26.3 |

File size:
51.5 KB (52,728 bytes)

Product version:
1.10.0.5

Copyright:
Copyright (C) 2014

Original file name:
ccnfd.sys

File type:
Driver (Win32 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\ccnfd_1_10_0_5.sys

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
9/4/2014 2:18:53 PM

Valid to:
9/4/2016 2:18:53 PM

Subject:
E=support@clickcaption.com, CN=CLICKCAPTION, O=CLICKCAPTION, L=Dover, S=DE, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121F77BE8577127D022B4D9CE6DA92A6C1F

File PE Metadata
Compilation timestamp:
8/21/2012 6:34:53 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
8.0

CTPH (ssdeep):
768:VY47urAd7AVbTXO2vZd1VjXjurCIDaCCepa+ez8oc3fjURC5Etg2JHZ:u47ue7ITew1JXCrdDqe43cPQ8+tRZ

Entry address:
0xA085

Entry point:
8B, FF, 55, 8B, EC, A1, 00, 8C, 01, 00, 85, C0, B9, 4E, E6, 40, BB, 74, 04, 3B, C1, 75, 1E, 8B, 15, 08, 8B, 01, 00, B8, 00, 8C, 01, 00, C1, E8, 08, 33, 02, A3, 00, 8C, 01, 00, 75, 07, 8B, C1, A3, 00, 8C, 01, 00, F7, D0, A3, 04, 8C, 01, 00, 5D, E9, 51, E7, FF, FF, CC, 2C, A1, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, A8, A4, 00, 00, 94, 8A, 00, 00, 18, A1, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, DE, A4, 00, 00, 80, 8A, 00, 00, 24, A1, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, FA, A4, 00, 00, 8C, 8A, 00, 00, 00...

Entropy:
6.2938

Code size:
34.8 KB (35,584 bytes)

Driver
Display name:
ccnfd_1_10_0_5

Type:
Kernel device driver (KernelDriver)

Group:
PNP_TDI

