classiconpath.exe

The application classiconpath.exe has been detected as a potentially unwanted program by 18 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 28157 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address bbc-vip016.cwwtf.bbc.co.uk on port 80 using the HTTP protocol.
MD5:
314d55b712476c22f7d1d64fdf80df47

SHA-1:
aaf97982237999e9c561723f6a06bef1a1ce3bb1

SHA-256:
09717ae6c471c14e33ff23277246a065ef2c50658a3c5f1b72cec4c501469c14

Scanner detections:
18 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 7:35:15 AM UTC

Scan engine              Detection                            Engine version
Lavasoft Ad-Aware        Gen:Variant.Graftor.151597           901
Agnitum Outpost          PUA.Pirrit                           7.1.1
Avira AntiVirus          TR/Graftor.151597                    7.11.167.212
avast!                   Win32:Adware-gen [Adw]               140813-1
AVG                      Generic5                             2015.0.3379
Bitdefender              Gen:Variant.Graftor.151597           1.0.20.1150
Clam AntiVirus           Win.Adware.Graftor-243               0.98/19392
Emsisoft Anti-Malware    Gen:Variant.Graftor.151597           8.14.08.18.11
ESET NOD32               Win32/AdWare.Pirrit                  8.10274
F-Prot                   W32/A-b613411b                       v6.4.7.1.166
F-Secure                 Gen:Variant.Adware.Graftor.151597    11.2014-21-09_1
G Data                   Gen:Variant.Graftor.151597           14.8.24
IKARUS anti.virus        PUA.Pirrit                           t3scan.1.7.8.0
K7 AntiVirus             Adware                               13.183.13432
MicroWorld eScan         Gen:Variant.Graftor.151597           15.0.0.690
Panda Antivirus          Trj/Genetic.gen                      14.08.18.11
Reason Heuristics        Threat.Win.Reputation.IMP            14.9.21.14
VIPRE Antivirus          Threat.4150696                       32938

File size:
163.5 KB (167,461 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\clipboardrecycleutility\classiconpath.exe

File PE Metadata
Compilation timestamp:
8/7/2014 10:47:07 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:rq5Ob5MFXUI9w0hCLIhrOFwPGacsj8tW9dXJuifKy0EOJfX:rEXUIlhCLQrOFwPGacspPXJuOKgOJ/

Entry address:
0x121E9

Entry point:
E8, 95, 04, 00, 00, E9, 63, FD, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, B0, 67, 42, 00, 89, 0D, AC, 67, 42, 00, 89, 15, A8, 67, 42, 00, 89, 1D, A4, 67, 42, 00, 89, 35, A0, 67, 42, 00, 89, 3D, 9C, 67, 42, 00, 66, 8C, 15, C8, 67, 42, 00, 66, 8C, 0D, BC, 67, 42, 00, 66, 8C, 1D, 98, 67, 42, 00, 66, 8C, 05, 94, 67, 42, 00, 66, 8C, 25, 90, 67, 42, 00, 66, 8C, 2D, 8C, 67, 42, 00, 9C, 8F, 05, C0, 67, 42, 00, 8B, 45, 00, A3, B4, 67, 42, 00, 8B, 45, 04, A3, B8, 67, 42, 00, 8D, 45, 08, A3, C4, 67, 42...

Entropy:
6.3807

Code size:
107.5 KB (110,080 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:28157/

Local host port:
28157

Default credentials:
No

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-208-30-101.compute-1.amazonaws.com  (54.208.30.101:80)

TCP (HTTP):
Connects to bbc-vip016.cwwtf.bbc.co.uk  (212.58.246.95:80)
