6 [EJIE Clover]

Post details of freeware that are found to be not portable here. Posts in the submissions forum relating to freeware found to be not portable should also be moved here.
Post Reply
Message
Author
juverax
Posts: 123
Joined: Mon Jun 11, 2018 5:19 am

Re: EJIE Clover

#1 Post by juverax » Sun Feb 09, 2020 9:09 am

I checked the "portable unrared" version of clover for possible malware infection.

All the files (exe and dll) in the rar are infected, mostly with "softcnapp" (read the report at: https://www.trendmicro.com/vinfo/us/thr ... ftcnapp.ga, it mentions clearly that "clover" contains the malware. Trendmicro most probably analysed the non-portable version downloaded from http://cn.ejie.me/download.html).
Note that this page states: Avira Anti-Virus is detecting Clover as a false positive, do not worry.

Here is the results of the analysis of clover (portable version) by virustotal.com :

clover.exe VTotal = 12-71
https://www.virustotal.com/gui/file/a7a ... /detection
----------------------------
CloverAss.exe VTotal = 4-69
https://www.virustotal.com/gui/file/5ed ... /detection
----------------------------
cloversvc.exe VTotal = 24-72
https://www.virustotal.com/gui/file/12a ... /detection
----------------------------
ClvClient.exe VTotal = 9-70
https://www.virustotal.com/gui/file/849 ... /detection
-----------------------------
ClvRate.exe VTotal = 10-70
https://www.virustotal.com/gui/file/e9e ... /detection
------------------------------
ClvUtility.exe VTotal = 12-69
https://www.virustotal.com/gui/file/d97 ... /detection
------------------------------
DuiLib_u.dll VTotal = 4-68
https://www.virustotal.com/gui/file/fee ... /detection
------------------------------
libeay32.dll VTotal = 4-69
https://www.virustotal.com/gui/file/430 ... /detection
------------------------------
node.dll VTotal = 3-67
https://www.virustotal.com/gui/file/12d ... /detection
------------------------------
ssleay32.dll VTotal = 3-69
https://www.virustotal.com/gui/file/7ed ... /detection
------------------------------
TabHelper32.dll VTotal = 4-62
https://www.virustotal.com/gui/file/8c2 ... /detection
------------------------------
TabHelper64.dll VTotal = 4-69
https://www.virustotal.com/gui/file/23c ... /detection
------------------------------
UserPage VTotal = 9-71
https://www.virustotal.com/gui/file/903 ... /detection


As for Softpedia ... they clearly do not check individual files in the installer ... Good to know!

Post Reply