claraupdater.exe

ClaraUpdater

CLARALABSOFTWARE

The application claraupdater.exe by CLARALABSOFTWARE has been detected as a potentially unwanted program by 8 anti-malware scanners. It runs as a Windows service named “ClaraUpdater”. The file has been seen being downloaded from vzbucket.clara-labs.com.
Publisher:
ClaraLabs  (signed by CLARALABSOFTWARE)

Product:
ClaraUpdater

Version:
3.25.1.1

MD5:
09faa5eb732d7d4e2b38ce791bc6212e

SHA-1:
65abb3884264f2559fabc0327b108b8dce28f60f

SHA-256:
eab539181a1905836d1355fa649f1dd1e8436a2761c76f1a6d77cf364108a727

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 7:57:18 AM UTC

Scan engine             Detection                     Engine version
Dr.Web                  Adware.Iminent.63             9.0.1.0168
G Data                  Win32.Adware.Clara            15.6.25
Malwarebytes            PUP.Optional.Clara.A          v2015.06.17.11
McAfee                  Artemis!79FC37F692F7          5600.6732
Panda Antivirus         PUP/Clara                     15.06.17.11
Reason Heuristics       PUP.CLARALABSOFTWARE          15.6.17.7
Rising Antivirus        PE:PUF.Clicker.Pimpo!1.9C67   23.00.65.15615
Trend Micro House Call  Suspicious_GEN.F47V0421       7.2.168

File size:
913.6 KB (935,536 bytes)

Product version:
3.25.1.1

Copyright:
Copyright (C) 2014

Original file name:
Updater.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\common files\claraupdater\claraupdater.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
7/29/2014 3:13:08 AM

Valid to:
7/30/2015 3:13:08 AM

Subject:
CN=CLARALABSOFTWARE, O=CLARALABSOFTWARE, L=Paris, C=FR

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121E6E5C72C946A5248674AB7B56E24B246

File PE Metadata
Compilation timestamp:
6/15/2015 8:29:07 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:ZYKFwabwyLqVZWjwiztLZjA7zbV1eCq94bz:ZYUGBIzsXeCq94bz

Entry address:
0x84E35

Entry point:
E8, 18, 12, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 83, EC, 18, 8D, 4D, E8, 53, 57, FF, 75, 0C, E8, 6C, C3, FF, FF, 8B, 5D, 08, BF, 00, 01, 00, 00, 3B, DF, 73, 60, 8B, 4D, E8, 83, 79, 74, 01, 7E, 14, 8D, 45, E8, 50, 6A, 01, 53, E8, 08, 13, 01, 00, 8B, 4D, E8, 83, C4, 0C, EB, 0D, 8B, 81, 90, 00, 00, 00, 0F, B7, 04, 58, 83, E0, 01, 85, C0, 74, 1E, 80, 7D, F4, 00, 8B, 81, 94, 00, 00, 00, 0F, B6, 0C, 18, 74, 07, 8B, 45, F0, 83, 60, 70, FD, 8B, C1, E9, D2, 00, 00, 00, 80, 7D, F4, 00, 74, 07, 8B, 4D, F0, 83, 61...

Entropy:
6.7392

Code size:
678 KB (694,272 bytes)

Service
Display name:
ClaraUpdater

Type:
Win32OwnProcess, InteractiveProcess

The file claraupdater.exe has been seen being distributed from the following URL.

The executing file has been observed making the following network communication in live environments.

TCP (HTTP):
Connects to ec2-23-23-112-220.compute-1.amazonaws.com  (23.23.112.220:80)

Remove claraupdater.exe - Powered by Reason Core Security