clipyhd.exe

Naruto Source

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The application clipyhd.exe by Naruto Source has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. The installer uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. It is part of the Brightcircle group of web extensions that inject advertisements in the browser.

Publisher:
Naruto Source  (signed and verified)

Description:
Dwavxwkozhkwkg

Version:
16.16.3.12

MD5:
a1642ade910c5e51340ced70b22569cf

SHA-1:
f4ab91df28646a74ac0480235e0db6427d44ad15

SHA-256:
e7bf4f3f3aa81d35c07cf7013a2632f458d4480b3ced210e5f9c137abc516a39

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Analysis date:
4/26/2024 9:15:36 AM UTC

Scan engine          Detection                           Engine version
AhnLab V3 Security   PUP/Win32.Solimba                   2014.08.26
Avira AntiVirus      Adware/CrossRider.pq                7.11.169.72
AVG                  Generic                             2015.0.3364
Clam AntiVirus       Win.Adware.Agent-6597               0.98/21411
Dr.Web               Trojan.Crossrider.29966             9.0.1.0244
IKARUS anti.virus    PUA.Plush                           t3scan.1.7.5.0
Kaspersky            not-a-virus:AdWare.NSIS.Adwapper    14.0.0.3315
Malwarebytes         PUP.Optional.CrossRider             v2014.09.01.10
McAfee               Artemis!A1642ADE910C                5600.7020
Panda Antivirus      Trj/Chgt.D                          14.09.01.10
Qihoo 360 Security   HEUR/Malware.QVM20.Gen              1.0.0.1015
Reason Heuristics    PUP.NarutoSource.H                  14.9.1.22
Sophos               Generic PUA PE                      4.98

File size:
9.7 MB (10,187,944 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\clipyhd.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/27/2014 7:00:00 PM

Valid to:
7/28/2015 6:59:59 PM

Subject:
CN=Naruto Source, O=Naruto Source, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1CE82906A7F364268F66771839675655

File PE Metadata
Compilation timestamp:
12/4/2012 7:55:02 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
196608:PDSnI3jnhUsdpT4Bs20bvf2pKsfv2Du1nDy5mDpkEIGCL6ZbJYxsxtobKI:PD4I3jnhh/0Bs20bvf2pVv3dZpkEIrLD

Entry address:
0x4323

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 44, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 44, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 44, 00, 56, A3, 40, 3B, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 3B, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 44, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 

Entropy:
7.9990  (probably packed)

Code size:
34.5 KB (35,328 bytes)
