set_glyqnoal.exe

Super Click Interactive

The application set_glyqnoal.exe by Super Click Interactive has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software.
Publisher:
Flashy Authentic System Installer  (signed by Super Click Interactive)

Product:
Flashy Authentic System Installer

Version:
24.8.7.5725

MD5:
254c0880a830d2501754bd706b43d158

SHA-1:
6c9f36feae46ef5e7f7eb82aea270482faf5a98d

SHA-256:
50a2ce7fa4dfb4f8902cb18ee564df00920fea3708404bab8d2ff4fd4ee5e749

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 2:27:47 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.DownloadAdmin (M)
17.2.15.17

File size:
915.5 KB (937,504 bytes)

Product version:
24.8.7.5725

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\set_glyqnoal.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
12/8/2015 6:56:38 PM

Valid to:
12/8/2016 6:56:38 PM

Subject:
CN=Super Click Interactive, O=Super Click Interactive, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
62A69E72E38AFE48

File PE Metadata
Compilation timestamp:
6/14/2015 1:55:08 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x25F5

Entry point:
E8, F6, BE, 00, 00, E9, 22, B7, 00, 00, CC, FF, 25, F0, 1D, 46, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, F8, 1D, 46, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 80, 16, 46, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 80, 1E, 46, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 7C, 1D, 46, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 53, 55, 56, 57, 8B, 7C, 24, 14, 33, F6, 85, FF, 7E, 27, 8B, 5C, 24, 18, 8B, 2D, 84, 00, 41, 00, EB, 06, 8D, 9B, 00, 00, 00, 00, A1, 24, D1, 44, 00...
 
[+]

Entropy:
7.9598  (probably packed)

Code size:
57 KB (58,368 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-52-6-18-250.compute-1.amazonaws.com  (52.6.18.250:80)

TCP (HTTP):
Connects to net-inst-ash.opera.com  (37.228.108.239:80)

TCP (HTTP):
Connects to a2-16-117-57.deploy.akamaitechnologies.com  (2.16.117.57:80)

TCP (HTTP):
Connects to post.securestudies.com  (165.193.78.234:80)

TCP (HTTP):
Connects to client-200.60.136.57.speedy.net.pe  (200.60.136.57:80)

TCP (HTTP):
Connects to 138.201-148-68.bestel.com.mx  (201.148.68.138:80)

TCP (HTTP):
Connects to tswc8b210.netvigator.com  (219.76.10.210:80)

TCP (HTTP):
Connects to host-213.158.175.82.tedata.net  (213.158.175.82:80)

TCP (HTTP):

TCP (HTTP SSL):
Connects to a23-205-87-81.deploy.static.akamaitechnologies.com  (23.205.87.81:443)

TCP (HTTP):
Connects to 86-121-249-34.rdsnet.ro  (86.121.249.34:80)

TCP (HTTP):
Connects to a84-53-132-226.deploy.akamaitechnologies.com  (84.53.132.226:80)

TCP (HTTP SSL):
Connects to a23-49-51-237.deploy.static.akamaitechnologies.com  (23.49.51.237:443)

TCP (HTTP):
Connects to a104-95-190-10.deploy.static.akamaitechnologies.com  (104.95.190.10:80)

Remove set_glyqnoal.exe - Powered by Reason Core Security