clicup.exe

Ad Businness Crown Solutions S.L.

The application clicup.exe by Ad Businness Crown Solutions S.L. has been detected as a potentially unwanted program by 11 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from d3ijsb1ryk5jd8.cloudfront.net and multiple other hosts.
Publisher:
Ad Businness Crown Solutions S.L.  (signed and verified)

MD5:
8d02f701cd955c8bf9969c6a3a89bb37

SHA-1:
a04b96f1463a2ab4c5774bdb7ba06d4f80df86a7

SHA-256:
0330dfb19d786865dd29a8324828bb8031893bf193ba8f11630e5e28dd7fe78b

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 11:46:13 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | Adware/Cylon.aqa | 7.11.173.208
AVG | Generic | 2015.0.3339
Comodo Security | ApplicUnwnt | 19585
Dr.Web | Adware.CyclonM.1 | 9.0.1.0270
IKARUS anti.virus | AdWare.Cylon | t3scan.1.7.8.0
Reason Heuristics | PUP.AdBusinnessCrownSolutionsSL.G | 14.9.27.2
Trend Micro House Call | Suspici.4F91743C | 7.2.270
Trend Micro | ADW_CYLON | 10.465.27
VIPRE Antivirus | Cyclon-Media | 33338

File size:
949.6 KB (972,424 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\clicup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/3/2014 2:00:00 AM

Valid to:
7/3/2016 1:59:59 AM

Subject:
CN=Ad Businness Crown Solutions S.L., O=Ad Businness Crown Solutions S.L., STREET="C/ Capitan Haya 1, PISO 15", L=Madrid, S=Madrid, PostalCode=28020, C=ES

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
73A607B23398F9417EA8AC5EA5B82B19

File PE Metadata
Compilation timestamp:
12/25/2013 6:01:29 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:+WXlI4g0RvObBE270cqz4DRgmYOkTX3Oy5T1PON:vVp2bG2E4pYOmXNQ

Entry address:
0x30B8

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 90, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, 1C, 71, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 08, A3, 78, 37, 42, 00, E8, 95, 2D, 00, 00, A3, C4, 36, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, 80, EC, 41, 00, FF, 15, 64, 71, 40, 00, 68, 80, 91, 40, 00, 68, C0, 2E, 42, 00, E8, 3F, 2A, 00, 00, FF, 15, 20, 71, 40, 00, BD, 00, 90, 42, 00, 50, 55, E8, 2D, 2A...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file clicup.exe has been seen being distributed by the following 2 URLs.
