» curse-client.exe
Overview
Analysis
File Details
Downloads (1)

curse-client.exe

CI_utility

CI Utility

The application curse-client.exe has been detected as a potentially unwanted program by 28 anti-malware scanners. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from www.instdl17.info.

File name:

curse-client.exe

Publisher:

CI Utility

Product:

CI_utility

Version:

2.2.19.44

MD5:

a66380b0bc9f2c8ceb9d0eeb841694c3

SHA-1:

e0bd003317a55b7e55acf478d82dbfddca4ec6da

SHA-256:

edc564cd0199b6aa938243033b72a52685841ad9cc988ba056768ab84609e40d

Scanner detections:

28 / 68

Status:

Potentially unwanted

Analysis date:

11/16/2024 12:55:38 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.Bundler.Agent.AL

5727219

Agnitum Outpost

PUA.Agent

7.1.1

AhnLab V3 Security

Trojan/Win32.Agent

2015.12.15

Avira AntiVirus

ADWARE/Agent.718336.3

8.3.2.4

avast!

Win32:PUP-gen [PUP]

151212-2

AVG

Generic36

2016.0.2895

Bitdefender

Application.Bundler.Agent.AL

1.0.20.1745

Clam AntiVirus

Win.Adware.Agent-56810

0.98/21167

Comodo Security

Application.Win32.Instally.AD

23768

Dr.Web

Adware.Downware.12312

9.0.1.05190

Emsisoft Anti-Malware

Application.Bundler.Agent.AL

10.0.0.5366

ESET NOD32

Win32/Instally.B potentially unwanted application

7.0.302.0

F-Prot

W32/AdAgent.AV.gen

v6.4.7.1.166

F-Secure

Riskware.Application.Bundler.Agent

5.15.21

G Data

Application.Bundler.Agent.AL

15.12.25

IKARUS anti.virus

PUA.Instally

t3scan.1.9.5.0

Kaspersky

not-a-virus:AdWare.Win32.Agent

15.0.0.562

MicroWorld eScan

Application.Bundler.Agent.AL

16.0.0.1047

NANO AntiVirus

Riskware.Win32.Agent.dvtwgb

1.0.10.5081

Norman

Application.Bundler.Agent.AL

12.12.2015 20:21:58

Panda Antivirus

Trj/Genetic.gen

15.12.15.08

Qihoo 360 Security

HEUR/QVM10.1.Malware.Gen

1.0.0.1077

Quick Heal

Pua.Agent.016201

12.15.14.00

Rising Antivirus

PE:Malware.Generic(Thunder)!1.A1C4 [F]

23.00.65.151213

Vba32 AntiVirus

AdWare.Agent

3.12.26.4

VIPRE Antivirus

Adware.Agent

45854

ViRobot

Trojan.Win32.AD-Agent.718336[h]

2014.3.20.0

Zillya! Antivirus

Adware.Agent.Win32.73031

2.0.0.2562

File size:

701.5 KB (718,336 bytes)

Product version:

2.5.00.01

Original file name:

CI_utility

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\curse-client.exe

File PE Metadata

Compilation timestamp:

9/4/2015 7:11:37 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12288:caou4gq/IeCX1CL9NpJl3+CErW8H+Gz7fKuNz7RAPzbjDyOgYPnpk1uJ6SjZ9lW9:Gu4l/FCX1CL3ldZxuN5qbHyOgwnpk1ue

Entry address:

0x5970B

Entry point:

E8, 5A, 7E, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, 79, 97, 45, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, E7, 01, 01, 00, 8B, 45, 0C, 8B, 40, 04, 83, E0, FD, 8B, 4D, 0C, 89, 41, 04, 64, 8B, 3D... 
[+]

Entropy:

6.5777

Code size:

447.5 KB (458,240 bytes)

The file curse-client.exe has been seen being distributed by the following URL.

http://www.instdl17.info/.../?key=bmFtZT1DdXJzZStDbGllbnQmYXBwX25hbWU9Q3Vyc2UrQ2xpZW50JnZlcnNpb249NS4xJmRhdGFfdXBkPTMxK0F1ZysyMDE1JmZpbGVfbmFtZT1DdXJzZS1DbGllbnQuZXhlJmRvd25sb2FkX3VybD1odHRwcyUzQSUyRiUyRnMzLmFtYXpvbmF3cy5jb20lMkZmaW5kbXlzb2Z0LmRvd25sb2FkJTJGMjAxNSUyRjA4JTJGMzElMkZjdXJzZS1jbGllbnRfNS4xLmV4ZSZpY29uX3VybD1odHRwJTNBJTJGJTJGZmlsZXMuaW5zdGFsbC1leGUuY29tJTJGaWNvbiUyRjEzMTI0MC5wbmcmc3RvcmVkX3NpemU9MzkzLjArS0ImZmxvdz01MSZ0eXA9aHR0cCUzQSUyRiUyRnd3dy5pbnN0YWxsLWV4ZS5jb20mZGVidWc9ZmFsc2Umc2tfaWQ9MiZuZXdfc2lnbj0wJmVuY3J5cHQ9aHRtbC5lbmNvZGVkJmRvd25sb2FkX3Rlc3Q9dGVzdF9saW5rX2dlJnV0bV9jYW1wYWlnbj0xMzIzNzEwNTImdXRtX3NvdXJjZT1iaW5nYWRzJnV0bV9tZWRpdW09Y3BjJnV0bV9jb250ZW50PTM2Mzk2MjA3MDYmdXRtX3Rlcm09MzkzODYxNTA3MTQmaWRfc2Vzc2lvbj1raWJpcmdldmJqOXQ2ZGF2ZGZybGl2bmZmMSZpZF9zaXRlPTMmaWRfZm1zPTEzMTI0MA==

Remove curse-client.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.