utilclingclang.exe

Cling Clang

utilclingclang.exe is part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application utilclingclang.exe by Cling Clang has been detected as adware by 8 anti-malware scanners. It runs as a separate Windows service (within the context of its own process) named “Update Cling Clang”. This file is typically installed with the program Cling Clang by Yontoo Technology, Inc., which is a potentially unwanted software program. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Cling Clang  (signed and verified)

Version:
1.0.5073.26658

MD5:
f98e6ff1988b5a86f452688b10b50364

SHA-1:
6dc4136ad75e408cc863c9c4e468c9039da7ef02

SHA-256:
097fcce4a0afb5c89b781e21f2022c6c9db7d94f15c4cad21bb639ed4aa8ba8b

Scanner detections:
8 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/26/2024 2:09:14 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | MalSign.Cling | 2015.0.3499 |
| Emsisoft Anti-Malware | Adware.ClingClang | 9.0.0.4324 |
| ESET NOD32 | Win32/BrowseFox.G potentially unwanted application | 7.0.302.0 |
| Malwarebytes | PUP.Optional.ClingClang.A | v2014.04.19.06 |
| McAfee | Artemis!F98E6FF1988B | 5600.7155 |
| Reason Heuristics | PUP.Service.ClingClang.O | 14.4.19.18 |
| Trend Micro House Call | TROJ_GEN.F47V0307 | 7.2.109 |
| VIPRE Antivirus | Threat.4741131 | 32210 |

File size:
65.3 KB (66,848 bytes)

Product version:
1.0.5073.26658

Original file name:
ClingClang.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\cling clang\bin\utilclingclang.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/7/2013 2:00:00 AM

Valid to:
10/8/2014 1:59:59 AM

Subject:
CN=Cling Clang, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Cling Clang, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5D74FBB0061E5BD76029878075B12101

File PE Metadata
Compilation timestamp:
11/21/2013 3:48:51 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:aPrrMioL9HaiXJhdOelKSoWfL3kGam5m0U1kgbxSTUz:KvRgBX5ht+nm5m0U1Hbswz

Entry address:
0x101BE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, E0, 02, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
56.5 KB (57,856 bytes)

Service
Display name:
Update Cling Clang

Type:
Win32OwnProcess


The file utilclingclang.exe has been discovered within the following program.

Cling Clang  by Yontoo Technology, Inc.
Cling Clang is a variant of the Web Cake adware. It is a web browser extension that will modify the user's home and search providers as well as display contextual and popup advertising in the browser.
clingclang.biz/support
79% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to na-193-225.static.avantel.net.mx  (148.245.193.225:80)
