set_odspzbsj.exe

Super Click Interactive

The application set_odspzbsj.exe by Super Click Interactive has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software.
Publisher:
Flashy Authentic System Installer  (signed by Super Click Interactive)

Product:
Flashy Authentic System Installer

Version:
24.8.7.5725

MD5:
b3f3cb9a266b6a7d329dd8ca63dd0abd

SHA-1:
128c8ce79892341f18ee4b8dabe59e35ee2be76b

SHA-256:
b111b9c82205fac61158764cc93da77c453bdda912d320022cf0570c39c4e786

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/2/2024 5:18:24 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.DownloadAdmin (M)
17.2.28.10

File size:
915.5 KB (937,504 bytes)

Product version:
24.8.7.5725

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\set_odspzbsj.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
12/8/2015 9:56:38 PM

Valid to:
12/8/2016 9:56:38 PM

Subject:
CN=Super Click Interactive, O=Super Click Interactive, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
62A69E72E38AFE48

File PE Metadata
Compilation timestamp:
6/14/2015 3:55:08 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x25F5

Entry point:
E8, F6, BE, 00, 00, E9, 22, B7, 00, 00, CC, FF, 25, F0, 1D, 46, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, F8, 1D, 46, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 80, 16, 46, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 80, 1E, 46, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 7C, 1D, 46, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 53, 55, 56, 57, 8B, 7C, 24, 14, 33, F6, 85, FF, 7E, 27, 8B, 5C, 24, 18, 8B, 2D, 84, 00, 41, 00, EB, 06, 8D, 9B, 00, 00, 00, 00, A1, 24, D1, 44, 00...
 
[+]

Entropy:
7.9598  (probably packed)

Code size:
57 KB (58,368 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-52-6-18-250.compute-1.amazonaws.com  (52.6.18.250:80)

TCP (HTTP):
Connects to post.securestudies.com  (165.193.78.234:80)

TCP (HTTP):

TCP (HTTP):
Connects to a95-101-72-59.deploy.akamaitechnologies.com  (95.101.72.59:80)

TCP (HTTP):
Connects to a5-22-191-240.deploy.akamaitechnologies.com  (5.22.191.240:80)

TCP (HTTP):
Connects to a5-22-191-234.deploy.akamaitechnologies.com  (5.22.191.234:80)

TCP (HTTP SSL):
Connects to a23-37-49-137.deploy.static.akamaitechnologies.com  (23.37.49.137:443)

TCP (HTTP):
Connects to cpng-r2-b217.time.net.my  (203.121.59.217:80)

TCP (HTTP):
Connects to cpng-r2-b200.time.net.my  (203.121.59.200:80)

TCP (HTTP SSL):
Connects to a23-199-153-47.deploy.static.akamaitechnologies.com  (23.199.153.47:443)

TCP (HTTP):
Connects to a104-103-70-24.deploy.static.akamaitechnologies.com  (104.103.70.24:80)

Remove set_odspzbsj.exe - Powered by Reason Core Security