minecraft_1254-461441.exe

Super Click Interactive

The application minecraft_1254-461441.exe by Super Click Interactive has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from files4.displayphone.info and multiple other hosts. While running, it connects to the Internet address 8c.3f.1632.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
Super Click Interactive  (signed and verified)

MD5:
e53407402249af6c856a5bfc6b4d5ebf

SHA-1:
b820532f15364efb056436070f98c14ad6a544cf

SHA-256:
afb03dd946042c64ec983d8479c7967c21a6ddd413e41d48ec78c7e83bb828d9

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 6:17:00 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.DownloadAdmin.SuperCli (M)
16.6.1.20

File size:
505.2 KB (517,368 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\minecraft_1254-461441.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
12/8/2015 12:56:38 PM

Valid to:
12/8/2016 12:56:38 PM

Subject:
CN=Super Click Interactive, O=Super Click Interactive, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
62A69E72E38AFE48

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
3.0

CTPH (ssdeep):
12288:64FuNgi/CEXp3FoXL77+Q3uoECFZjUinv0oChP//Wz34nLBm:6yuNgi553+XL77+Q3uoXFZjUm8oChP/M

Entry address:
0x413D0

Entry point:
C6, 05, B0, 22, 44, 00, 00, B9, 00, 50, 45, 00, BA, 04, 50, 45, 00, B8, 60, 4A, 44, 00, E8, 65, FF, FF, FF, E8, 70, FF, FF, FF, B8, 40, 4A, 44, 00, E8, 26, FB, FC, FF, C3, 00, 00, 00, 00, 00, FF, FF, FF, FF, 00, 00, 00, 00, FF, FF, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.0847

Code size:
257 KB (263,184 bytes)

The file minecraft_1254-461441.exe has been seen being distributed by the following 50 URLs.

http://files4.displayphone.info/dl-pure/1171856/.../?bc=1171856&checksum=185297293&cb=174087233&usefilename=true&executableroutePath=1203285&stub=true

http://files4.computingaccess.info/dl-pure/1187543/.../?bc=1187543&checksum=897307&cb=-1973540618&usefilename=true&executableroutePath=1203285&stub=true

http://files4.displayphone.info/dl-pure/1171842/.../?bc=1171842&checksum=160138393&cb=631421892&usefilename=true&executableroutePath=1203285&stub=true

http://files4.displayphone.info/dl-pure/1171842/.../?bc=1171842&checksum=803319&cb=2007651322&usefilename=true&executableroutePath=1203285&stub=true

http://files4.genuinememory.info/dl-pure/1108968/.../?bc=1108968&checksum=159371647&filename=flash_update.exe&cb=1406145117&usefilename=true&executableroutePath=1203285&stub=true

http://files4.displayphone.info/dl-pure/5179/.../?bc=5179&checksum=140351261&cb=88977687&usefilename=true&executableroutePath=1203285&stub=true

http://files4.downloadtrunk116.com/dl-pure/1200645/.../?bc=1200645&checksum=137898495&cb=-166387579&usefilename=true&executableroutePath=1203285&stub=true

http://files4.downloadnet1040.com/dl-pure/1071300/.../?bc=1071300&checksum=36777297&cb=1608865338&usefilename=true&executableroutePath=1203285&stub=true

http://files4.securedownload01.com/dl-pure/1131452/.../?bc=1131452&checksum=173474137&cb=-173843065&usefilename=true&executableroutePath=1203285&stub=true

http://files4.displayphone.info/dl-pure/5179/.../?bc=5179&checksum=140354877&cb=1311916029&usefilename=true&executableroutePath=1203285&stub=true

http://files4.displayphone.info/dl-pure/1184523/.../?bc=1184523&checksum=179995047&cb=40936009&usefilename=true&executableroutePath=1203285&stub=true

http://files4.displayphone.info/dl-pure/1191803/.../?bc=1191803&checksum=2897649&cb=1355423904&usefilename=true&executableroutePath=1203285&stub=true

http://files4.displayphone.info/dl-pure/5179/.../?bc=5179&checksum=140407535&cb=1438301365&usefilename=true&executableroutePath=1203285&stub=true

http://files4.downloadnet260.com/dl-pure/1080452/.../?bc=1080452&checksum=166438281&cb=-1690787664&usefilename=true&executableroutePath=1203285&stub=true

http://files4.displayphone.info/dl-pure/5179/.../?bc=5179&checksum=140407535&cb=739160166&usefilename=true&executableroutePath=1203285&stub=true

http://files4.displayphone.info/dl-pure/5179/.../?bc=5179&checksum=140301387&cb=-1243008285&usefilename=true&executableroutePath=1203285&stub=true

http://files4.displayphone.info/dl-pure/1191803/.../?bc=1191803&checksum=3650505&cb=-1809047341&usefilename=true&executableroutePath=1203285&stub=true

http://files4.displayphone.info/dl-pure/5179/.../?bc=5179&checksum=140301387&cb=1116001283&usefilename=true&executableroutePath=1203285&stub=true

http://files4.downloadnet260.com/dl-pure/1080452/.../?bc=1080452&checksum=169957&cb=-895696224&usefilename=true&executableroutePath=1203285&stub=true

http://files4.displayphone.info/dl-pure/5179/.../?bc=5179&checksum=140301387&cb=-1097610184&usefilename=true&executableroutePath=1203285&stub=true

http://files4.mintbasic.info/dl-pure/1201279/.../?bc=1201279&checksum=103606655&filename=ipadian3.exe&cb=-292922950&usefilename=true&executableroutePath=1203285&stub=true

http://files4.displayphone.info/dl-pure/1191803/.../?bc=1191803&checksum=780811&cb=1335984726&usefilename=true&executableroutePath=1203285&stub=true

http://files4.vlc.cm/dl-pure/1202967/.../?bc=1202967&checksum=134645101&cb=303431437&usefilename=true&executableroutePath=1203285&stub=true

http://files4.displayphone.info/dl-pure/1171842/.../?bc=1171842&checksum=160138393&cb=1361967117&usefilename=true&executableroutePath=1203285&stub=true

http://files4.filefly528.com/dl-pure/1125224/.../?bc=1125224&checksum=182645077&filename=Dream League Soccer 2016 Setup.exe&cb=877781802&usefilename=true&executableroutePath=1203285&stub=true

http://files4.displayphone.info/dl-pure/5179/.../?bc=5179&checksum=140351261&cb=-163418974&usefilename=true&executableroutePath=1203285&stub=true

http://files4.displayphone.info/dl-pure/5179/.../?bc=5179&checksum=140301387&cb=-1966974950&usefilename=true&executableroutePath=1203285&stub=true

http://files4.displayphone.info/dl-pure/5179/.../?bc=5179&checksum=140301387&cb=-1256318492&usefilename=true&executableroutePath=1203285&stub=true

http://files4.genuinememory.info/dl-pure/1108968/.../?bc=1108968&checksum=168181039&filename=flash_update.exe&cb=1890241885&usefilename=true&executableroutePath=1203285&stub=true

http://files4.displayphone.info/dl-pure/5179/.../?bc=5179&checksum=140407535&cb=912358946&usefilename=true&executableroutePath=1203285&stub=true

Latest 30 of 121 download URLs

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 8c.3f.1632.ip4.static.sl-reverse.com  (50.22.63.140:80)

TCP (HTTP):
Connects to 8a.3f.1632.ip4.static.sl-reverse.com  (50.22.63.138:80)

Remove minecraft_1254-461441.exe - Powered by Reason Core Security