abff2259-d180-4e87-a572-6bb9d692ad1e.exe

BoBrowser Installer

CLARALABSOFTWARE

The application abff2259-d180-4e87-a572-6bb9d692ad1e.exe by CLARALABSOFTWARE has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from vzbucket.clara-labs.com.
Publisher:
The BoBrowser Authors  (signed by CLARALABSOFTWARE)

Product:
BoBrowser Installer

Version:
36.0.1985.127

MD5:
93f30d2895adf742f1f21ac10482168a

SHA-1:
be9a3674fbfc19dbf5255e1ab78ca17af6eacb63

SHA-256:
4a5ed6ed4d94e7c0fc40acaaa0ad5416ef346c78e24a34c4d1833f1e5f3aef67

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 7:26:04 AM UTC

Scan engine
Detection
Engine version

Qihoo 360 Security
Malware.QVM39.Gen
1.0.0.1015

Reason Heuristics
PUP.Installer.CLARALABSOFTWARE.e
14.11.21.23

File size:
36 MB (37,780,104 bytes)

Product version:
36.0.1985.127

Copyright:
Copyright 2014 The BoBrowser Authors. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\abff2259-d180-4e87-a572-6bb9d692ad1e.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
7/29/2014 9:13:08 AM

Valid to:
7/30/2015 9:13:08 AM

Subject:
CN=CLARALABSOFTWARE, O=CLARALABSOFTWARE, L=Paris, C=FR

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121E6E5C72C946A5248674AB7B56E24B246

File PE Metadata
Compilation timestamp:
9/5/2014 9:49:06 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
786432:nZFJQHZsj7DovGviWxcZenpJLuHOn2JcMWbPDQGq/+G2Eg93rP:Zie70vxZenfKu+cPDQGUuXbP

Entry address:
0x23C0

Entry point:
6A, 00, FF, 15, 90, 50, 40, 00, 50, E8, 82, 09, 00, 00, 83, C4, 04, 50, FF, 15, 7C, 50, 40, 00, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 81, EC, 14, 02, 00, 00, 56, 8B, 75, 14, 85, F6, 75, 09, 33, C0, 5E, 8B, E5, 5D, C2, 10, 00, 57, FF, 75, 08, 8B, 7D, 10, 8D, 4D, F8, FF, 75, 0C, 57, E8, 03, 0E, 00, 00, 8D, 4D, F8, E8, 2B, 0E, 00, 00, 84, C0, 0F, 84, A4, 00, 00, 00, 8D, 4D, F8, E8, 2B, 0E, 00, 00, 83, F8, 01, 0F, 82, 93, 00, 00, 00, 8D, 4D, F8, E8, 1A, 0E, 00, 00, 3D, 00, 00, 00, 40, 0F, 87, 80, 00, 00...

Entropy:
8.0000

Packer / compiler:
FASM v1.3x

Code size:
9 KB (9,216 bytes)

The file abff2259-d180-4e87-a572-6bb9d692ad1e.exe has been seen being distributed by the following URL.
