» CKPhishingPro.exe
Overview
Analysis
File Details
Behaviors (1)

CKPhishingPro.exe

Client Keeper PhishingPro

SoftSecurity Co. Ltd.

The executable CKPhishingPro.exe, “ClientKeeper PhishingPro” has been detected as malware by 3 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘CKPhishingPro’.

File name:

CKPhishingPro.exe

Publisher:

SoftSecurity Co. Ltd. (signed and verified)

Product:

Client Keeper PhishingPro

Description:

ClientKeeper PhishingPro

Version:

1, 0, 1, 1

MD5:

9720ca48505cf0d2dfe04c3331fd4293

SHA-1:

6ef0799773d4010330396e643ab24e726f9ad18e

SHA-256:

5f6728d1988a5504658100b497c93dce4c6cddf89897c0fb62a897c59868028d

Scanner detections:

3 / 68

Status:

Malware

Analysis date:

2/26/2025 8:44:34 PM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

DLOADER.Trojan

9.0.1.0214

F-Prot

W32/Blocker-based

v6.4.7.1.166

Vba32 AntiVirus

suspected of Unknown.Win32Virus

3.12.26.4

File size:

145.2 KB (148,688 bytes)

Product version:

1, 0, 1, 1

Original file name:

CKPhishingPro.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\ProgramData\clientkeeper\phishingpro\bin\ckphishingpro.exe

Digital Signature

Signed by:

SoftSecurity Co. Ltd.

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

11/18/2009 9:00:00 AM

Valid to:

11/19/2010 8:59:59 AM

Subject:

CN=SoftSecurity Co. Ltd., OU=PC Security, O=SoftSecurity Co. Ltd., L=Gangnam-Gu, S=Seoul, C=KR

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

71CD20AD3F93763D18E616B4689A9927

File PE Metadata

Compilation timestamp:

4/22/2010 6:01:11 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

3072:B6DsNidN54AGuhiHhbYzsU/jD4MgrYJytbciCz+Onp:BLAr4ALhiB0zD/HEPD2

Entry address:

0xA7D7

Entry point:

E8, F3, 6F, 00, 00, E9, 16, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 28, 20, 42, 00, 89, 0D, 24, 20, 42, 00, 89, 15, 20, 20, 42, 00, 89, 1D, 1C, 20, 42, 00, 89, 35, 18, 20, 42, 00, 89, 3D, 14, 20, 42, 00, 66, 8C, 15, 40, 20, 42, 00, 66, 8C, 0D, 34, 20, 42, 00, 66, 8C, 1D, 10, 20, 42, 00, 66, 8C, 05, 0C, 20, 42, 00, 66, 8C, 25, 08, 20, 42, 00, 66, 8C, 2D, 04, 20, 42, 00, 9C, 8F, 05, 38, 20, 42, 00, 8B, 45, 00, A3, 2C, 20, 42, 00, 8B, 45, 04, A3, 30, 20, 42, 00, 8D, 45, 08, A3, 3C, 20, 42, 00, 8B... 
[+]

Entropy:

6.2587

Code size:

92 KB (94,208 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

CKPhishingPro

Command:

C:\ProgramData\clientkeeper\phishingpro\bin\ckphishingpro.exe

Remove CKPhishingPro.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.