clicup.exe

Ad Businness Crown Solutions S.L.

The application clicup.exe by Ad Businness Crown Solutions S.L. has been detected as a potentially unwanted program by 19 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. It is typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from dmrm038s4vkzd.cloudfront.net.
Publisher:
Ad Businness Crown Solutions S.L.  (signed and verified)

MD5:
3221d9b300785b747497715a184b5e89

SHA-1:
75f3ef82ed6b7cec6290f699d9115822eeda0387

SHA-256:
88d19726800fb754a589682e238368bced40b10f204733dd24104ae67d18e51a

Scanner detections:
19 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 11:16:20 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Cyclon.A | 5836431 |
| AhnLab V3 Security | PUP/Win32.Downloader | 2015.02.20 |
| Avira AntiVirus | Adware/PURB.509424 | 7.11.211.154 |
| avast! | Malware-gen | 150717-0 |
| AVG | Generic | 2016.0.3036 |
| Bitdefender | Adware.Cyclon.A | 1.0.20.1040 |
| Comodo Security | ApplicUnwnt | 21139 |
| Dr.Web | Adware.CyclonM.1 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Adware.Cyclon | 10.0.0.5366 |
| F-Secure | Adware.Cyclon.A | 11.2015-27-07_2 |
| G Data | Adware.Cyclon | 15.7.25 |
| McAfee | Trojan.Artemis!32623DCB5BAF | 18.0.204.0 |
| MicroWorld eScan | Adware.Cyclon.A | 16.0.0.624 |
| Norman | Adware.Cyclon.A | 07.07.2015 03:10:29 |
| nProtect | Adware.Cyclon.A | 15.02.17.01 |
| Reason Heuristics | PUP.AdBusinnessCrownSolutions | 15.2.6.5 |
| Trend Micro House Call | TROJ_GE.0F0F2B7A | 7.2.208 |
| Trend Micro | TROJ_GE.0F0F2B7A | 10.465.27 |
| VIPRE Antivirus | Threat.5063539 | 41424 |

File size:
975.4 KB (998,808 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\clicup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/3/2014 2:00:00 AM

Valid to:
7/3/2016 1:59:59 AM

Subject:
CN=Ad Businness Crown Solutions S.L., O=Ad Businness Crown Solutions S.L., STREET="C/ Capitan Haya 1, PISO 15", L=Madrid, S=Madrid, PostalCode=28020, C=ES

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
73A607B23398F9417EA8AC5EA5B82B19

File PE Metadata
Compilation timestamp:
12/25/2013 6:01:29 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:oJBXB33JUrLmukFDD9keU7aC0Y0QlUdNLz/ZpXfuaCpP6n:UBXrUfmuSke6ZGQKdNLjZpXfuaOP8

Entry address:
0x30B8

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 90, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, 1C, 71, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 08, A3, 78, 37, 42, 00, E8, 95, 2D, 00, 00, A3, C4, 36, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, 80, EC, 41, 00, FF, 15, 64, 71, 40, 00, 68, 80, 91, 40, 00, 68, C0, 2E, 42, 00, E8, 3F, 2A, 00, 00, FF, 15, 20, 71, 40, 00, BD, 00, 90, 42, 00, 50, 55, E8, 2D, 2A...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file clicup.exe has been seen being distributed by the following URL.
