Concrete signature match: PUA for 32-bit Windows platform, family ClickAthlete
PUA:Win32/ClickAthlete is a Potentially Unwanted Application that relies on techniques such as process hooking, scheduled tasks, and abuse of built-in Windows utilities (e.g., mshta, regsvr32, PowerShell, BITS) for execution, persistence, and potentially remote file operations. A concrete match on this signature indicates a threat capable of significant system manipulation and of maintaining a persistent presence on the host.
Relevant strings associated with this threat:

- !#HSTR:StringCodeForMshta.A!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForHooking.C!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForHooking.D!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForHooking.L!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForHooking.O!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForRegsvr32.A!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForRundll32.A!pli (PEHSTR_EXT)
- rundll32 (PEHSTR_EXT)
- !#HSTR:StringCodeForBITSJobs.A!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForPowerShell.G!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForScheduledTask.A!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForDataEncoding.D!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForHooking.J!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForHooking.K!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForRemoteFileCopy.B!pli (PEHSTR_EXT)
- !#HSTR:ExecutionGuardrails (PEHSTR_EXT)
- !#HSTR:StringCodeForFileDeletion.A!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForHooking.M!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForNetshHelperDLL.A!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForRemoteServices.A!pli (PEHSTR_EXT)
22181ae0b2b08c7fd4ac5150b91a5670262ee8449c939631f7410c7bde91b28c

6738fe4a37ead329c53378a3eb38f3d2de7594a7189061c8e08a7e988887b665

Isolate the affected system immediately. Perform a full system scan with updated antivirus software to remove PUA:Win32/ClickAthlete and associated components. Review and remove any suspicious scheduled tasks or startup entries, reset web browsers, and ensure all operating system and software patches are applied.