oc20150609.exe

Olacarita Update

The Olacarita Group

The application oc20150609.exe, "Olacarita Update Setup", has been detected as a potentially unwanted program by 12 anti-malware scanners. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs. The file has been seen being downloaded from d2vubraihqcany.cloudfront.net and multiple other hosts.
Publisher:
The Olacarita Group

Product:
Olacarita Update

Description:
Olacarita Update Setup

Version:
1.3.25.0

MD5:
59cdcb23186f4cf1999330b43f5740be

SHA-1:
967a5154fa44111960c69f3779842285eecf297d

SHA-256:
1747741ddcdec17068caf7fd4e73f468f780828db8434ba64fdcce04e5275c49

Scanner detections:
12 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/19/2024 11:21:40 PM UTC

Scan engine                Detection                        Engine version
Lavasoft Ad-Aware          Gen:Variant.Mikey.18301          497
Arcabit                    Trojan.Mikey.D477D               1.0.0.425
Bitdefender                Gen:Variant.Mikey.18301          1.0.20.1340
Bkav FE                    HW32.Packed                      1.3.0.6979
Emsisoft Anti-Malware      Gen:Variant.Mikey.18301          8.15.09.25.04
F-Secure                   Gen:Variant.Mikey.18301          11.2015-25-09_6
G Data                     Gen:Variant.Mikey.18301          15.9.25
Malwarebytes               PUP.Optional.Olacarita.A         v2015.09.25.04
MicroWorld eScan           Gen:Variant.Mikey.18301          16.0.0.804
Panda Antivirus            PUP/OutBrowse                    15.09.25.04
Qihoo 360 Security         HEUR/QVM19.1.Malware.Gen         1.0.0.1015
Zillya! Antivirus          Adware.Boxore.Win32.15           2.0.0.2282

File size:
683.5 KB (699,904 bytes)

Product version:
1.3.25.0

Copyright:
Copyright 2013 The Olacarita Group.

Original file name:
OlacaritaUpdateSetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\oc20150609.exe

File PE Metadata
Compilation timestamp:
6/9/2015 3:58:27 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:NSxx7u+U97ydNHwkbqlfymPjKgO+o952xbS1lqYjJ/Qe3DpM4NmSsb4+PHr:Uxxu9SiLAUfO+o9UxgqUdMiscUr

Entry address:
0x11000

Entry point:
83, EC, 08, C7, 04, 24, 00, AE, 00, 00, C7, 44, 24, 04, 00, 10, 40, 00, 8B, 4C, 24, 04, 8B, 14, 24, B8, E8, 03, 00, 00, 3B, D0, 76, 10, 8A, 14, 08, F6, D2, 88, 14, 08, 8B, 14, 24, 40, 3B, C2, 72, F0, 83, C4, 08, E9, C6, 49, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Code size:
43.5 KB (44,544 bytes)

The file oc20150609.exe has been seen being distributed by the following 2 URLs.
