clownfish.exe

Bogdan Sharkov

It is set to start automatically when a user logs in to Windows, through the current user Run registry key, under the display name ‘Clownfish’. This file is installed with the program Clownfish for Skype. The file has been seen being downloaded from s3159.chomikuj.pl and multiple other hosts.
Publisher:
Bogdan Sharkov  (signed and verified)

MD5:
26fff54ea747da32a6ae0038fe0c31e1

SHA-1:
849acaf17d9315bf10103e12a813af3fc75417e3

SHA-256:
c8fcfa3a4543355fc34d0939f85516ef9a6259def8ba8e2a4a249741da0abdbd

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware free.

Analysis date:
12/25/2024 6:53:51 AM UTC

Scan engine | Detection | Engine version
Comodo Security | Heur.Suspicious | 17887
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.24.3

File size:
1 MB (1,055,992 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\clownfish\clownfish.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/9/2012 6:00:00 PM

Valid to:
2/9/2014 5:59:59 PM

Subject:
CN=Bogdan Sharkov, O=Bogdan Sharkov, STREET=Gotze Delchev 41A, L=Sofia, S=Outside United States, PostalCode=1404, C=BG

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0C3DEE653C5773904BD39374E9A9B249

File PE Metadata
Compilation timestamp:
2/13/2012 4:04:42 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:WFCROiJ43k8B8rJtN+XNey6lkGuqYnF3BB44A:WOyXcnkG4nFg4A

Entry address:
0x6E35C

Entry point:
E8, 17, CF, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 83, 65, FC, 00, 53, 8B, 5D, 10, 85, DB, 75, 07, 33, C0, E9, 9A, 00, 00, 00, 57, 83, FB, 04, 72, 75, 8D, 7B, FC, 85, FF, 76, 6E, 8B, 4D, 0C, 8B, 45, 08, 8A, 10, 83, C0, 04, 83, C1, 04, 84, D2, 74, 52, 3A, 51, FC, 75, 4D, 8A, 50, FD, 84, D2, 74, 3C, 3A, 51, FD, 75, 37, 8A, 50, FE, 84, D2, 74, 26, 3A, 51, FE, 75, 21, 8A, 50, FF, 84, D2, 74, 10, 3A, 51, FF, 75, 0B, 83, 45, FC, 04, 39, 7D, FC, 72, C2, EB, 3F, 0F, B6, 40, FF, 0F, B6, 49, FF, EB, 46...
 

Entropy:
6.5370

Code size:
559 KB (572,416 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Clownfish

Command:
"C:\Program Files\clownfish\clownfish.exe"


The file clownfish.exe has been discovered within the following program.

Clownfish for Skype  by Bogdan Sharkov
Publisher's description - “Clownfish is an online translator for all your messages. Just write in your native language and the recipient will receive the translated message.”
48% remove it
 

The file clownfish.exe has been seen being distributed by the following 2 URLs.
