» csc.exe
Overview
Analysis
File Details
Behaviors (1)
Network (3)

csc.exe

HowbaniSoft Internet Cafe System Client

HowbaniSoft Team - Yemen

The executable csc.exe has been detected as malware by 19 anti-virus scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘HISS_CLT’. While running, it connects to the Internet address 160.143.96.66.static.eigbox.net on port 80 using the HTTP protocol.

File name:

csc.exe

Publisher:

HowbaniSoft Team - Yemen

Product:

HowbaniSoft Internet Cafe System Client

Version:

7, 4, 1, 0

MD5:

641a8278e31d34ac48b85b2828541537

SHA-1:

bb995372a7247ddc55cd4b2e289e6e5593a744cd

Scanner detections:

19 / 68

Status:

Malware

Analysis date:

4/24/2024 8:11:53 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Trojan.StartPage

7.1.1

Avira AntiVirus

TR/Comitsproc.A.419

7.11.179.8

avast!

Win32:Dropper-gen [Drp]

2014.9-141017

AVG

Win32/DH{gRKBE0GBDy17Q30DZ34gLlI}

2015.0.3318

Baidu Antivirus

Trojan.Win32.Comitsproc

4.0.3.141017

Comodo Security

UnclassifiedMalware

19815

Dr.Web

Trojan.StartPage.52883

9.0.1.0290

IKARUS anti.virus

Trojan.Win32.Comitsproc

t3scan.1.7.8.0

Kaspersky

HEUR:Trojan.Win32.Generic

14.0.0.3087

McAfee

Artemis!641A8278E31D

5600.6974

Microsoft Security Essentials

Trojan:Win32/Comitsproc!gmb

1.11005

NANO AntiVirus

Trojan.Win32.StartPage.cqligj

0.28.2.62671

Norman

Suspicious_Gen4.CECZL

11.20141017

Qihoo 360 Security

Win32/Trojan.e6d

1.0.0.1015

Quick Heal

Trojan.Comitsproc.r4

10.14.14.00

Sophos

Mal/Generic-S

4.98

Trend Micro House Call

TROJ_SPNR.3AHQ13

7.2.290

Trend Micro

TROJ_SPNR.3AHQ13

10.465.17

VIPRE Antivirus

Trojan.Win32.Generic

33982

File size:

496 KB (507,940 bytes)

Product version:

7, 4, 1, 0

Trademarks:

Original file name:

CafeSysClt.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\windows\csc.exe

File PE Metadata

Compilation timestamp:

11/23/2012 8:34:30 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

12288:pVvdJnTy7c7F9kZhWDAwPLaXwsbVQ1Ilxp:rdlm7c7gZhWDcgsbVV

Entry address:

0x380CB

Entry point:

E8, 63, AD, 00, 00, E9, 16, FE, FF, FF, E8, 0B, A2, 00, 00, FF, 74, 24, 04, E8, 62, A0, 00, 00, FF, 35, E4, 5B, 46, 00, E8, 3A, 3F, 00, 00, 68, FF, 00, 00, 00, FF, D0, 83, C4, 0C, C3, 68, DC, 6B, 45, 00, FF, 15, 9C, F2, 44, 00, 85, C0, 74, 16, 68, CC, 6B, 45, 00, 50, FF, 15, A0, F2, 44, 00, 85, C0, 74, 06, FF, 74, 24, 04, FF, D0, C3, FF, 74, 24, 04, E8, D1, FF, FF, FF, 59, FF, 74, 24, 04, FF, 15, 3C, F3, 44, 00, CC, 6A, 08, E8, 25, 94, 00, 00, 59, C3, 6A, 08, E8, 44, 93, 00, 00, 59, C3, 56, 8B, F0, EB, 0B... 
[+]

Entropy:

6.3963

Code size:

312 KB (319,488 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

HISS_CLT

Command:

C:\windows\csc.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to 160.143.96.66.static.eigbox.net (66.96.143.160:80)

TCP (HTTP):

Connects to 65-254-229-20.yourhostingaccount.com (65.254.229.20:80)

Remove csc.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.