home

app.exe

Super Click Interactive

The application app.exe by Super Click Interactive has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from service.downloadadmin.com a known adware distribution point operated by Download Admin.
Publisher:
Super Click Interactive  (signed and verified)

Product:
Super Click Interactive

Version:
79.7.5.4244

MD5:
9b46e3dbcacef2f45aada7e4cd19dc04

SHA-1:
f7653528fff9062408272c95cdb92158df04b033

SHA-256:
b7740829fb02c63d362d0ca3432fbce3baeec62bb579fc2d254c0166d6610cc2

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/10/2024 10:35:02 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.DownloadAdmin.SuperCli.Installer (M)
16.6.21.14

File size:
894.3 KB (915,720 bytes)

Product version:
79.7.5.4244

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\app.exe

Digital Signature
Signed by:
Super Click Interactive

Authority:
GoDaddy.com, Inc.

Valid from:
12/8/2015 4:56:38 PM

Valid to:
12/8/2016 4:56:38 PM

Subject:
CN=Super Click Interactive, O=Super Click Interactive, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
62A69E72E38AFE48

File PE Metadata
Compilation timestamp:
5/10/2015 1:58:34 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:MGDODtnI4dJA9q539UgQmOQEBUL3AoWvVmRevj5RuW:0/NUIEBUL7WkR8qW

Entry address:
0x1356

Entry point:
E8, 25, D1, 00, 00, E9, 4F, C9, 00, 00, 51, A1, 04, B0, 45, 00, 8D, 0C, 24, 51, 68, 08, B0, 45, 00, 89, 44, 24, 08, E8, D8, AB, 00, 00, 8B, 15, C0, 7F, 46, 00, 8D, 44, 24, 08, 50, 68, 80, 7D, 46, 00, 89, 54, 24, 10, E8, BF, AB, 00, 00, 8B, 0D, 5C, CC, 45, 00, 8D, 54, 24, 10, 52, 68, 60, CC, 45, 00, 89, 4C, 24, 18, E8, A6, AB, 00, 00, A1, 58, 85, 46, 00, 8D, 4C, 24, 18, 51, 68, A8, 80, 46, 00, 89, 44, 24, 20, E8, 8E, AB, 00, 00, 8B, 15, F8, 87, 46, 00, 8D, 44, 24, 20, 50, 68, D0, 86, 46, 00, 89, 54, 24, 28...
 
[+]

Code size:
57 KB (58,368 bytes)

The file app.exe has been seen being distributed by the following URL.

http://service.downloadadmin.com/download/.../dl?bc=1191699&pid=nextad&brand=nextad&aid=test_aid&s=test_source&c=4s&country=US&variation=cpl-run&osName=Windows&osVersion=7&browserName=Chrome&browserVersion=44&secure=true&productKey=uiwyinstib2sbsaelii4fo2dcvixwquq

Remove app.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.