home

Clownfish.exe

Clownfish for Skype

Bogdan Sharkov

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Clownfish’. This file is installed with the program Clownfish for Skype. The file has been seen being downloaded from download1980.mediafire.com.
Publisher:
Bogdan Sharkov  (signed and verified)

Product:
Clownfish for Skype

Version:
3.12

MD5:
e82188d1e2279b204ec77c2579691a59

SHA-1:
45dc74d3d0a031b2e12c3374177e0653593d9925

SHA-256:
c5d237360474270af73208e707ed63eb62a840bacfedb6fb849e72d19701e345

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
4/23/2024 10:23:04 AM UTC  (today)

Scan engine
Detection
Engine version

Comodo Security
Heur.Suspicious
17332

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.24.3

File size:
1.2 MB (1,251,064 bytes)

Product version:
3.12

Copyright:
Copyright (C) 2011-2013 Bogdan Sharkov

Original file name:
Clownfish.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\clownfish\clownfish.exe

Digital Signature
Signed by:
Bogdan Sharkov

Authority:
COMODO CA Limited

Valid from:
2/10/2012 3:00:00 AM

Valid to:
2/10/2014 2:59:59 AM

Subject:
CN=Bogdan Sharkov, O=Bogdan Sharkov, STREET=Gotze Delchev 41A, L=Sofia, S=Outside United States, PostalCode=1404, C=BG

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0C3DEE653C5773904BD39374E9A9B249

File PE Metadata
Compilation timestamp:
1/21/2013 11:25:34 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:Gd5bNN65CBf64hedd7feX+tYkhGF3ByKqS24F3:EOeX+tVhGFFDF3

Entry address:
0x7FAB0

Entry point:
E8, CB, E6, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 83, 65, FC, 00, 53, 8B, 5D, 10, 85, DB, 75, 07, 33, C0, E9, 9A, 00, 00, 00, 57, 83, FB, 04, 72, 75, 8D, 7B, FC, 85, FF, 76, 6E, 8B, 4D, 0C, 8B, 45, 08, 8A, 10, 83, C0, 04, 83, C1, 04, 84, D2, 74, 52, 3A, 51, FC, 75, 4D, 8A, 50, FD, 84, D2, 74, 3C, 3A, 51, FD, 75, 37, 8A, 50, FE, 84, D2, 74, 26, 3A, 51, FE, 75, 21, 8A, 50, FF, 84, D2, 74, 10, 3A, 51, FF, 75, 0B, 83, 45, FC, 04, 39, 7D, FC, 72, C2, EB, 3F, 0F, B6, 40, FF, 0F, B6, 49, FF, EB, 46...
 
[+]

Entropy:
6.6058

Code size:
632 KB (647,168 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Clownfish

Command:
"C:\Program Files\clownfish\clownfish.exe"


The file Clownfish.exe has been discovered within the following programs.

Clownfish for Skype  by Bogdan Sharkov
Publisher's description - “Clownfish is an online translator for all your messages. Just write in your native language and the recipient will receive the translated message.”
48% remove it
 
Powered by Should I Remove It?

The file Clownfish.exe has been seen being distributed by the following URL.

http://download1980.mediafire.com/nt3jq22mdmng/.../Clownfish.exe

Scan Clownfish.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.