310714_bb.exe

Clara

CLARALABSOFTWARE

The application 310714_bb.exe by CLARALABSOFTWARE has been detected as a potentially unwanted program by 3 anti-malware scanners. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software, and it is typically executed from the user's temporary directory. The file has been seen downloaded from www.2ndrequest.me.
Publisher:
ClaraLabs (signed by CLARALABSOFTWARE)

Product:
Clara

Description:
ClaraSetup

Version:
1.4.4.1

MD5:
857dde7fd4921f5fc24bd8c395d0426a

SHA-1:
2baae98f8310f55df01bdbc60bdccf8eefb7752a

SHA-256:
cafa7e9bc6a3dcf16428b11c19160be4d974c893e318c1a72777fabb4939c1fd

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 8:39:52 PM UTC

Scan engine        Detection                               Engine version
Malwarebytes       PUP.Optional.Clara.A                    v2014.10.11.03
Reason Heuristics  PUP.Installer.CLARALABSOFTWARE.J        14.11.21.23
Vba32 AntiVirus    suspected of Trojan.Downloader.gen.h    3.12.26.3

File size:
800.1 KB (819,320 bytes)

Product version:
1.40.4.1

Copyright:
(c) Clara Labs. All rights reserved.

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\310714_bb.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
7/29/2014 8:13:08 AM

Valid to:
7/30/2015 8:13:08 AM

Subject:
CN=CLARALABSOFTWARE, O=CLARALABSOFTWARE, L=Paris, C=FR

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121E6E5C72C946A5248674AB7B56E24B246

File PE Metadata
Compilation timestamp:
10/2/2014 9:29:37 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:uCfoq+qSM6oxFxjWoXzy5sY63BIle1bnw:1sqSM6VoXzy5snI41bnw

Entry address:
0x179FF

Entry point:
E8, 16, D0, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, 64, 22, 44, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 04, 06, 44, 00, 01, 0F, 82, F1, D0, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2...
 

Code size:
194 KB (198,656 bytes)

The file 310714_bb.exe has been seen being distributed by the following URL.
