set_cwafqlrx.exe

Super Click Interactive

The application set_cwafqlrx.exe by Super Click Interactive has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software.
Publisher:
Flashy Authentic System Installer  (signed by Super Click Interactive)

Product:
Flashy Authentic System Installer

Version:
24.8.7.5725

MD5:
39fdd3f984afab4dc417a7fa029341b2

SHA-1:
38d9af11a072393ba8a582ea806fb46fbd15c088

SHA-256:
dd92fdfd4145b1771dec5d14aeae030020df30a9bf63f2fc5897513252e09e76

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 3:24:57 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.DownloadAdmin (M)
17.2.13.8

File size:
915.5 KB (937,504 bytes)

Product version:
24.8.7.5725

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\set_cwafqlrx.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
12/8/2015 11:56:38 PM

Valid to:
12/8/2016 11:56:38 PM

Subject:
CN=Super Click Interactive, O=Super Click Interactive, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
62A69E72E38AFE48

File PE Metadata
Compilation timestamp:
6/14/2015 5:55:08 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x25F5

Entry point:
E8, F6, BE, 00, 00, E9, 22, B7, 00, 00, CC, FF, 25, F0, 1D, 46, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, F8, 1D, 46, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 80, 16, 46, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 80, 1E, 46, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 7C, 1D, 46, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 53, 55, 56, 57, 8B, 7C, 24, 14, 33, F6, 85, FF, 7E, 27, 8B, 5C, 24, 18, 8B, 2D, 84, 00, 41, 00, EB, 06, 8D, 9B, 00, 00, 00, 00, A1, 24, D1, 44, 00...
 
[+]

Entropy:
7.9598  (probably packed)

Code size:
57 KB (58,368 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-52-6-18-250.compute-1.amazonaws.com  (52.6.18.250:80)

TCP (HTTP):
Connects to net-inst-ash.opera.com  (37.228.108.239:80)

TCP (HTTP):
Connects to post.securestudies.com  (165.193.78.234:80)

TCP (HTTP):
Connects to subs03-180-214-233-170.three.co.id  (180.214.233.170:80)

TCP (HTTP SSL):
Connects to a23-201-159-249.deploy.static.akamaitechnologies.com  (23.201.159.249:443)

TCP (HTTP):
Connects to a104-103-70-34.deploy.static.akamaitechnologies.com  (104.103.70.34:80)

TCP (HTTP):
Connects to a104-103-70-24.deploy.static.akamaitechnologies.com  (104.103.70.24:80)

TCP (HTTP):
Connects to a95-101-72-59.deploy.akamaitechnologies.com  (95.101.72.59:80)

TCP (HTTP):
Connects to a95-101-72-18.deploy.akamaitechnologies.com  (95.101.72.18:80)

TCP (HTTP SSL):
Connects to a23-37-49-137.deploy.static.akamaitechnologies.com  (23.37.49.137:443)

TCP (HTTP):
Connects to host-213.158.175.90.tedata.net  (213.158.175.90:80)

TCP (HTTP):
Connects to host-213.158.175.82.tedata.net  (213.158.175.82:80)

TCP (HTTP):
Connects to a92-123-180-194.deploy.akamaitechnologies.com  (92.123.180.194:80)

TCP (HTTP):
Connects to a92-123-180-184.deploy.akamaitechnologies.com  (92.123.180.184:80)

TCP (HTTP):
Connects to a92-122-48-59.deploy.akamaitechnologies.com  (92.122.48.59:80)

TCP (HTTP):

Remove set_cwafqlrx.exe - Powered by Reason Core Security