curse-client.exe

CI_utility

CI Utility

The application curse-client.exe has been detected as a potentially unwanted program by 28 anti-malware scanners. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from www.instdl17.info.
Publisher:
CI Utility

Product:
CI_utility

Version:
2.2.19.44

MD5:
a66380b0bc9f2c8ceb9d0eeb841694c3

SHA-1:
e0bd003317a55b7e55acf478d82dbfddca4ec6da

SHA-256:
edc564cd0199b6aa938243033b72a52685841ad9cc988ba056768ab84609e40d

Scanner detections:
28 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 12:40:12 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.Bundler.Agent.AL | 5727219 |
| Agnitum Outpost | PUA.Agent | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Agent | 2015.12.15 |
| Avira AntiVirus | ADWARE/Agent.718336.3 | 8.3.2.4 |
| avast! | Win32:PUP-gen [PUP] | 151212-2 |
| AVG | Generic36 | 2016.0.2895 |
| Bitdefender | Application.Bundler.Agent.AL | 1.0.20.1745 |
| Clam AntiVirus | Win.Adware.Agent-56810 | 0.98/21167 |
| Comodo Security | Application.Win32.Instally.AD | 23768 |
| Dr.Web | Adware.Downware.12312 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Application.Bundler.Agent.AL | 10.0.0.5366 |
| ESET NOD32 | Win32/Instally.B potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/AdAgent.AV.gen | v6.4.7.1.166 |
| F-Secure | Riskware.Application.Bundler.Agent | 5.15.21 |
| G Data | Application.Bundler.Agent.AL | 15.12.25 |
| IKARUS anti.virus | PUA.Instally | t3scan.1.9.5.0 |
| Kaspersky | not-a-virus:AdWare.Win32.Agent | 15.0.0.562 |
| MicroWorld eScan | Application.Bundler.Agent.AL | 16.0.0.1047 |
| NANO AntiVirus | Riskware.Win32.Agent.dvtwgb | 1.0.10.5081 |
| Norman | Application.Bundler.Agent.AL | 12.12.2015 20:21:58 |
| Panda Antivirus | Trj/Genetic.gen | 15.12.15.08 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1077 |
| Quick Heal | Pua.Agent.016201 | 12.15.14.00 |
| Rising Antivirus | PE:Malware.Generic(Thunder)!1.A1C4 [F] | 23.00.65.151213 |
| Vba32 AntiVirus | AdWare.Agent | 3.12.26.4 |
| VIPRE Antivirus | Adware.Agent | 45854 |
| ViRobot | Trojan.Win32.AD-Agent.718336[h] | 2014.3.20.0 |
| Zillya! Antivirus | Adware.Agent.Win32.73031 | 2.0.0.2562 |

File size:
701.5 KB (718,336 bytes)

Product version:
2.5.00.01

Copyright:
(c)2014-2015

Original file name:
CI_utility

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\curse-client.exe

File PE Metadata
Compilation timestamp:
9/4/2015 7:11:37 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:caou4gq/IeCX1CL9NpJl3+CErW8H+Gz7fKuNz7RAPzbjDyOgYPnpk1uJ6SjZ9lW9:Gu4l/FCX1CL3ldZxuN5qbHyOgwnpk1ue

Entry address:
0x5970B

Entry point:
E8, 5A, 7E, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, 79, 97, 45, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, E7, 01, 01, 00, 8B, 45, 0C, 8B, 40, 04, 83, E0, FD, 8B, 4D, 0C, 89, 41, 04, 64, 8B, 3D...
 
Entropy:
6.5777

Code size:
447.5 KB (458,240 bytes)

The file curse-client.exe has been seen being distributed by the following URL.
