set_bspsfwbv.exe

Super Click Interactive

The application set_bspsfwbv.exe by Super Click Interactive has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software.
Publisher:
Flashy Authentic System Installer  (signed by Super Click Interactive)

Product:
Flashy Authentic System Installer

Version:
24.8.7.5725

MD5:
35f5cb2bc5bbb7bf608c3ad17709e071

SHA-1:
fe4e4afec35028a8a0ad3f715d8d4d8d0f40c3a7

SHA-256:
4e3d6f1e596d517711aaeb46ebbf71b9baabbb3e20a4f8d43f5f882d0e7bd5ef

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/19/2024 8:18:31 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.DownloadAdmin (M)
17.3.3.1

File size:
915.5 KB (937,504 bytes)

Product version:
24.8.7.5725

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\set_bspsfwbv.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
12/8/2015 6:56:38 PM

Valid to:
12/8/2016 6:56:38 PM

Subject:
CN=Super Click Interactive, O=Super Click Interactive, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
62A69E72E38AFE48

File PE Metadata
Compilation timestamp:
6/14/2015 12:55:08 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x25F5

Entry point:
E8, F6, BE, 00, 00, E9, 22, B7, 00, 00, CC, FF, 25, F0, 1D, 46, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, F8, 1D, 46, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 80, 16, 46, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 80, 1E, 46, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 7C, 1D, 46, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 53, 55, 56, 57, 8B, 7C, 24, 14, 33, F6, 85, FF, 7E, 27, 8B, 5C, 24, 18, 8B, 2D, 84, 00, 41, 00, EB, 06, 8D, 9B, 00, 00, 00, 00, A1, 24, D1, 44, 00...
 
[+]

Code size:
57 KB (58,368 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-52-6-18-250.compute-1.amazonaws.com  (52.6.18.250:80)

TCP (HTTP):
Connects to a88-221-254-187.deploy.akamaitechnologies.com  (88.221.254.187:80)

TCP (HTTP):
Connects to post.securestudies.com  (165.193.78.234:80)

TCP (HTTP):
Connects to a88-221-254-184.deploy.akamaitechnologies.com  (88.221.254.184:80)

TCP (HTTP):
Connects to rev170.97.nstelecablecr.com  (190.113.97.170:80)

TCP (HTTP SSL):
Connects to a172-226-219-122.deploy.static.akamaitechnologies.com  (172.226.219.122:443)

TCP (HTTP):
Connects to a104-116-245-34.deploy.static.akamaitechnologies.com  (104.116.245.34:80)

TCP (HTTP):
Connects to a104-116-245-18.deploy.static.akamaitechnologies.com  (104.116.245.18:80)

TCP (HTTP):
Connects to 201-0-220-49.dial-up.telesp.net.br  (201.0.220.49:80)

TCP (HTTP):
Connects to 201-0-220-10.dial-up.telesp.net.br  (201.0.220.10:80)

TCP (HTTP):
Connects to net-inst-ash.opera.com  (37.228.108.239:80)

TCP (HTTP):
Connects to i32.158.178.82.omantel.net.om  (82.178.158.32:80)

TCP (HTTP):
Connects to host-62-24-200-25.as13285.net  (62.24.200.25:80)

TCP (HTTP):
Connects to host-62-24-200-20.as13285.net  (62.24.200.20:80)

TCP (HTTP):
Connects to customer-TOR-201-50.megared.net.mx  (201.132.201.50:80)

TCP (HTTP):
Connects to customer-TOR-201-49.megared.net.mx  (201.132.201.49:80)

TCP (HTTP):
Connects to cache.akamai.net  (177.91.191.202:80)

TCP (HTTP):
Connects to a104-96-90-194.deploy.static.akamaitechnologies.com  (104.96.90.194:80)

TCP (HTTP):

TCP (HTTP):
Connects to a104-103-70-34.deploy.static.akamaitechnologies.com  (104.103.70.34:80)

Remove set_bspsfwbv.exe - Powered by Reason Core Security