home

currentsupdate.exe

CarboniteCurrents

Carbonite

This is a self-extracting archive and installer. The file has been seen being downloaded from d1p4bzyyj7o0nm.cloudfront.net.
Publisher:
Carbonite, Inc.  (signed by Carbonite)

Product:
CarboniteCurrents

Description:
CarboniteCurrents Setup for Windows

Version:
1.0.1689

MD5:
288e36dcf21e099b054a657adf102364

SHA-1:
83352123fb2c11067e6f240e66aa42b255080632

SHA-256:
7c84cf41c6f54366b8842fcc767ea0eb6bef8634c47817ca4a26ccef0036433b

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
4/19/2024 7:57:49 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
W32/Delf.I
7.11.30.172

File size:
5.9 MB (6,229,544 bytes)

Product version:
1.0.1689

Copyright:
(c) Carbonite, Inc. All rights reserved.

Original file name:
CurrentsSetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\currentsupdate.exe

Digital Signature
Signed by:
Carbonite

Authority:
Thawte, Inc.

Valid from:
6/12/2012 5:00:00 PM

Valid to:
6/13/2014 4:59:59 PM

Subject:
CN=Carbonite, OU=Operations, O=Carbonite, L=Boston, S=Massachusetts, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
5E842B812A21D03222818F173920F944

File PE Metadata
Compilation timestamp:
3/28/2013 7:47:48 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:LoJ3Q7hwfftzTn3Zf8FTaoNYFTG0QZz9B7EzbKVxW5yOd935Hq4va43WDqyg:LkQ7GffRTn3RkTa6YHGz9B7EiVxW0OJ5

Entry address:
0x309F

Entry point:
E8, 4B, 1C, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 54, 92, 40, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, B0, 90, 40, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 68, DD, 40, 00, 89, 0D, 64, DD, 40, 00, 89, 15, 60, DD, 40, 00, 89, 1D, 5C, DD, 40, 00, 89, 35, 58, DD, 40, 00, 89, 3D...
 
[+]

Entropy:
7.9250  (probably packed)

Code size:
30.5 KB (31,232 bytes)

The file currentsupdate.exe has been seen being distributed by the following URL.

https://d1p4bzyyj7o0nm.cloudfront.net/CurrentsSetup 1.0.1689.exe

Scan currentsupdate.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.