cspy31.exe

CloneSpy

Marcus Kleinehagenbrock

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from software-files-a.cnet.com and multiple other hosts.
Publisher:
Marcus Kleinehagenbrock

Product:
CloneSpy

Description:
CloneSpy Installer

Version:
3.1

MD5:
3369e6609a50d1092ece83fed09843ac

SHA-1:
6b351c89e9646992e76b5720d9253c000ed22bd1

SHA-256:
06d6711cf544798e4a9a7cbadb417bf41020b6de343ff64f588401329c2e5fc1

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 4:51:54 AM UTC  (today)

File size:
2.7 MB (2,851,744 bytes)

Product version:
3.1

Copyright:
© 2001 - 2014 Marcus Kleinehagenbrock

Original file name:
CloneSpy.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\cspy31.exe

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:U/iqMBH8bnuMYApJ4dbiFsPKvxz+5W1aquwSTG/J30iQmXbigoFT3:UcKibiF9V6W1f/J30i3Xbkz

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file cspy31.exe has been discovered within the following program.

360Amigo is registry optimizer. 360Amigo System Speedup bundles a branded version of the Conduit Toolbar, designed to deliver search based advertising and results. During installation the user is presented in some cases with the option to install the toolbar (on by default).
www.360amigo.com
53% remove it
 
Powered by Should I Remove It?

The file cspy31.exe has been seen being distributed by the following 3 URLs.

Scan cspy31.exe - Powered by Reason Core Security