cupoiking.exe

Red Sky Sp. z o.o.

The application cupoiking.exe by Red Sky Sp. z o.o has been detected as a potentially unwanted program by 17 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 9880 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
Publisher:
Red Sky Sp. z o.o.  (signed and verified)

MD5:
4e5ca1f6d7d8764ecc3c99cf8cc82cab

SHA-1:
791fd8d11de3aaa99d8aacaa39e0ec788029a4a0

SHA-256:
92df65ac313a11934348fb225a739de66da381361edf7ce7427c0e71d6f088d0

Scanner detections:
17 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 12:01:16 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.PUQW
6345235

Avira AntiVirus
APPL/Obrona.4377560
7.11.196.218

Bitdefender
Adware.PUQW
1.0.20.5

Comodo Security
ApplicUnwnt
20252

Emsisoft Anti-Malware
Adware.PUQW
9.0.0.4799

ESET NOD32
Win32/Adware.ObronaAds.B application
7.0.302.0

F-Secure
Adware.PUQW
5.13.68

G Data
Adware.PUQW
15.1.24

IKARUS anti.virus
PUA.ObronaAds
t3scan.1.8.3.0

McAfee
Artemis!4E5CA1F6D7D8
5600.6899

MicroWorld eScan
Adware.PUQW
16.0.0.3

Norman
Adware.PUQW
29.12.2014 07:19:03

nProtect
Adware.PUQW
14.12.19.01

Reason Heuristics
PUP.Optional.RedSkySpzoo.J
14.11.26.15

Sophos
PUA 'Obrona Ads' (of type Adware)
5.09

Trend Micro House Call
Suspicious_GEN.F47V1127
7.2.331

VIPRE Antivirus
Threat.4150696
35418

File size:
4.2 MB (4,377,560 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\cupoiking\cupoiking.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/28/2014 12:00:00 AM

Valid to:
3/28/2015 11:59:59 PM

Subject:
CN=Red Sky Sp. z o.o., OU=Red Sky, O=Red Sky Sp. z o.o., POBox=71-064, STREET=Aleja Piastow 22, L=Szczecin, S=zachodniopomorskie, PostalCode=71-064, C=PL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00AF74AE06E658887C8B6B42539F3FA758

File PE Metadata
Compilation timestamp:
4/3/1998 5:11:32 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.24

CTPH (ssdeep):
98304:YsoMJS24MtlQE0vPsUlzkxSlELYTs9o36ln4zSPTnAo+:AS74MtlQE0vPmx+cv4zS8o+

Entry address:
0x14C0

Entry point:
83, EC, 0C, C7, 05, 24, 71, 82, 00, 01, 00, 00, 00, E8, 9E, 50, 05, 00, 83, C4, 0C, E9, A6, FC, FF, FF, 8D, B6, 00, 00, 00, 00, 83, EC, 0C, C7, 05, 24, 71, 82, 00, 00, 00, 00, 00, E8, 7E, 50, 05, 00, 83, C4, 0C, E9, 86, FC, FF, FF, 90, 90, 90, 90, 90, 90, 55, 89, E5, 56, 53, 83, EC, 10, 8B, 1D, 18, 93, 82, 00, C7, 04, 24, 00, 40, 47, 00, FF, D3, 89, C6, 83, EC, 04, 85, F6, B8, D0, C0, 45, 00, 74, 29, C7, 04, 24, 00, 40, 47, 00, FF, 15, 54, 93, 82, 00, 83, EC, 04, A3, 38, 70, 82, 00, C7, 44, 24, 04, 13, 40...
 
[+]

Entropy:
6.7733

Code size:
453 KB (463,872 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:9880/

Local host port:
9880

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-208-30-101.compute-1.amazonaws.com  (54.208.30.101:80)

TCP (HTTP SSL):
Connects to msnbot-65-55-252-43.search.msn.com  (65.55.252.43:443)

TCP (HTTP SSL):
Connects to wj-in-f95.1e100.net  (74.125.195.95:443)

TCP (HTTP SSL):
Connects to wj-in-f84.1e100.net  (74.125.195.84:443)

TCP (HTTP SSL):
Connects to wi-in-f139.1e100.net  (173.194.67.139:443)

TCP (HTTP SSL):
Connects to wi-in-f113.1e100.net  (173.194.67.113:443)

TCP (HTTP SSL):
Connects to wi-in-f100.1e100.net  (173.194.67.100:443)

TCP (HTTP SSL):
Connects to wg-in-f156.1e100.net  (173.194.78.156:443)

TCP (HTTP):
Connects to wg-in-f154.1e100.net  (173.194.78.154:80)

TCP (HTTP SSL):
Connects to wg-in-f138.1e100.net  (173.194.78.138:443)

TCP (HTTP SSL):
Connects to wg-in-f106.1e100.net  (173.194.78.106:443)

TCP (HTTP SSL):
Connects to userm874.uk.uudial.com  (193.149.80.162:443)

TCP (HTTP SSL):
Connects to usera601.uk.uudial.com  (193.149.68.93:443)

TCP (HTTP):
Connects to upload-lb.eqiad.wikimedia.org  (208.80.154.240:80)

TCP (HTTP):
Connects to text-lb.eqiad.wikimedia.org  (208.80.154.224:80)

TCP (HTTP SSL):
Connects to tesco.com.102.122.2o7.net  (63.140.54.231:443)

TCP (HTTP):
Connects to sjd-rf15-7c.sjc.dropbox.com  (108.160.167.35:80)

TCP (HTTP):
Connects to sjd-rc1-1a.sjc.dropbox.com  (108.160.165.181:80)

TCP (HTTP):
Connects to sjd-rb12-1a.sjc.dropbox.com  (108.160.166.57:80)

TCP (HTTP):
Connects to sjd-ra1-1b.sjc.dropbox.com  (108.160.165.54:80)

Remove cupoiking.exe - Powered by Reason Core Security