net_protector_all_ve-137889711.exe

Super Click Interactive

The application net_protector_all_ve-137889711.exe by Super Click Interactive has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from int12.cdn.hw.integrateddebug.info and multiple other hosts.
Publisher:
Super Click Interactive  (signed and verified)

MD5:
5fe2807a21f66c1221472660dfdb7732

SHA-1:
3967242b547ac0c604bcd9964e22b197025d01af

SHA-256:
b32260a25d9718b6fed1291e7f7aff4093749769a40e46e77216e91a3cf8b8c5

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 6:52:05 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.DownloadAdmin.SuperCli (M)

Engine version:
16.6.1.18

File size:
505.3 KB (517,392 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\net_protector_all_ve-137889711.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
12/8/2015 10:56:38 AM

Valid to:
12/8/2016 10:56:38 AM

Subject:
CN=Super Click Interactive, O=Super Click Interactive, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
62A69E72E38AFE48

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
3.0

CTPH (ssdeep):
12288:v4FuNgi/CEXp3FoXL77+Q3uoECFZjUinv0oChP//Wz34nLBo:vyuNgi553+XL77+Q3uoXFZjUm8oChP/6

Entry address:
0x413D0

Entry point:
C6, 05, B0, 22, 44, 00, 00, B9, 00, 50, 45, 00, BA, 04, 50, 45, 00, B8, 60, 4A, 44, 00, E8, 65, FF, FF, FF, E8, 70, FF, FF, FF, B8, 40, 4A, 44, 00, E8, 26, FB, FC, FF, C3, 00, 00, 00, 00, 00, FF, FF, FF, FF, 00, 00, 00, 00, FF, FF, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.0848

Code size:
257 KB (263,184 bytes)

The file net_protector_all_ve-137889711.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 278 download URLs

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ec2-52-72-234-46.compute-1.amazonaws.com  (52.72.234.46:80)
