» 4_cae05d5d-3915-4358-8776-b427863e6106.exe
Overview
Analysis
File Details
Downloads (1)

4_cae05d5d-3915-4358-8776-b427863e6106.exe

BoBrowser Installer

ClaraLabSoftware

The application 4_cae05d5d-3915-4358-8776-b427863e6106.exe by ClaraLabSoftware has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from vzbucket.clara-labs.com.

File name:

Publisher:

The BoBrowser Authors (signed by ClaraLabSoftware)

Product:

BoBrowser Installer

Version:

45.0.2454.126

MD5:

a97a6c4d1cd6d87dce589ad7ef2d982d

SHA-1:

0e97593924f4f97582404b6cb434327b235ff2d1

SHA-256:

9a2cce68eeac83d230bbb48802d1e28eec475050c20da712ad95af865c09d53a

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/30/2024 7:05:39 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.ClaraLabSoftware.Installer (M)

16.1.21.4

File size:

39.7 MB (41,645,680 bytes)

Product version:

45.0.2454.126

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\4_cae05d5d-3915-4358-8776-b427863e6106.exe

Digital Signature

Signed by:

ClaraLabSoftware

Authority:

GlobalSign nv-sa

Valid from:

1/20/2015 5:40:38 AM

Valid to:

1/21/2016 5:40:38 AM

Subject:

CN=ClaraLabSoftware, O=ClaraLabSoftware, L=Paris, C=FR

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

112123154E5E0FD1C6C84C77F8890B7472E0

File PE Metadata

Compilation timestamp:

12/30/2015 10:54:13 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

786432:IVeVVTq3jLlRYTwbS8VyZTg2//RwVWx2H6ZVbecNchMc9nE:IqTq3n3YTwbS8VnSZ2Wx2aZxNgpE

Entry address:

0x213F

Entry point:

6A, 00, FF, 15, B4, 40, 40, 00, 50, E8, 98, 09, 00, 00, 59, 50, FF, 15, A0, 40, 40, 00, CC, 55, 8B, EC, 81, EC, 14, 02, 00, 00, 53, 56, 8B, 75, 14, 85, F6, 0F, 84, BE, 00, 00, 00, FF, 75, 08, 8D, 4D, F8, FF, 75, 0C, FF, 75, 10, E8, EE, 0C, 00, 00, 8D, 4D, F8, E8, 0B, 0D, 00, 00, 84, C0, 0F, 84, 9D, 00, 00, 00, 8D, 4D, F8, E8, 03, 0D, 00, 00, 83, F8, 01, 0F, 82, 8C, 00, 00, 00, 8D, 4D, F8, E8, F2, 0C, 00, 00, 3B, 05, E8, 14, 40, 00, 77, 7C, FF, 36, 33, C0, BB, 04, 01, 00, 00, 66, 89, 45, F4, 66, 89, 85, EC... 
[+]

Packer / compiler:

FASM v1.3x

Code size:

8 KB (8,192 bytes)

The file 4_cae05d5d-3915-4358-8776-b427863e6106.exe has been seen being distributed by the following URL.

http://vzbucket.clara-labs.com/dde5a5b2-e3f2-4725-94b9-0e16aa7fec5d/build/.../cae05d5d-3915-4358-8776-b427863e6106.exe

Remove 4_cae05d5d-3915-4358-8776-b427863e6106.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.