clipgrab-3.3.0.4.exe

ClipGrab

Philipp Schmieder

The application clipgrab-3.3.0.4.exe, “ClipGrab Setup” by Philipp Schmieder, has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The installer uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software, including ad/search-supported toolbars. The file has been seen being downloaded from www.capitalvaultsbits.com and multiple other hosts.
Publisher:
Philipp Schmieder Medien (signed by Philipp Schmieder)

Product:
ClipGrab

Description:
ClipGrab Setup

Version:
3.3.0.4

MD5:
c409f92f9258974dbe4430f9c741e5ae

SHA-1:
8568e5906a1002015d71e4d0fa4389be2e6c79ee

SHA-256:
6ec6b032133703e0ac449ad7dcccfdcfe6f5eff21ecc7ffaf8b84b1998bc912f

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/23/2024 10:59:43 AM UTC

Scan engine
Detection
Engine version

ESET NOD32
8.9372

Reason Heuristics
PUP.OpenCandy.Installer (L)
16.11.29.7

File size:
15.8 MB (16,605,856 bytes)

Product version:
3.3.0.4

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\clipgrab-3.3.0.4.exe

Digital Signature
Authority:
StartCom Ltd.

Valid from:
10/28/2013 8:08:57 PM

Valid to:
10/29/2015 8:36:45 AM

Subject:
E=kontakt@vanbittern.com, CN=Philipp Schmieder, L=Seybothenreuth, S=Bayern, C=DE, Description=6a43d91AVdvSmlG3

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
0B8C

File PE Metadata
Compilation timestamp:
3/17/2011 1:52:54 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
393216:l5yX87/zOGu2689onjQ358srMUnANqDdJEryN9QY+7phtc:zKG689oji8/FARir69W7pU

Entry address:
0x16478

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, B0, 52, 41, 00, E8, AC, 03, FF, FF, 33, C0, 55, 68, 45, 6B, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 01, 6B, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, AB, 41, 00, E8, 4E, EC, FF, FF, E8, F5, E7, FF, FF, 8D, 55, EC, 33, C0, E8, 7F, 84, FF, FF, 8B, 55, EC, B8, AC, D6, 41, 00, E8, E2, E9, FE, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, AC, D6, 41, 00, B2, 01...
 

Entropy:
7.9991

Developed / compiled with:
Microsoft Visual C++

Code size:
84 KB (86,016 bytes)

The file clipgrab-3.3.0.4.exe has been seen being distributed by the following 14 URLs.

