home

olacarita.exe

Olacarita

Olacatala OU

The application olacarita.exe by Olacatala OU has been detected as adware by 10 anti-malware scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Olacarita’. While running, it connects to the Internet address 10-3798 on port 80 using the HTTP protocol.
Publisher:
Olacarita OU  (signed by Olacatala OU)

Product:
Olacarita

Version:
1.0.0.0

MD5:
8a870118bfbb8587fa01355aa9081aa0

SHA-1:
1ba87da629e0c970811156521bfe31edd2e0b9bd

SHA-256:
885900bda98af4815e4feb040e5c2d3a356759e53e68a697edb14acb6b53c374

Scanner detections:
10 / 68

Status:
Adware

Analysis date:
4/19/2024 5:35:36 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Generic.689923
781

Baidu Antivirus
Adware.Win32.Boxore
4.0.3.141216

Bitdefender
Application.Generic.689923
1.0.20.1750

Comodo Security
ApplicUnwnt
19022

ESET NOD32
Win32/AdWare.Boxore (variant)
8.10230

F-Secure
Application.Generic.689923
11.2014-16-12_3

G Data
Application.Generic.689923
14.12.24

MicroWorld eScan
Application.Generic.689923
15.0.0.1050

Reason Heuristics
PUP.Startup.OlacatalaOU.J
14.12.16.10

VIPRE Antivirus
Trojan.Win32.Generic
31744

File size:
1.6 MB (1,645,128 bytes)

Product version:
1.0.0.0

Original file name:
olacarita.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\olacarita\olacarita\olacarita.exe

Digital Signature
Signed by:
Olacatala OU

Authority:
DigiCert Inc

Valid from:
5/30/2014 2:00:00 AM

Valid to:
6/7/2017 2:00:00 PM

Subject:
CN=Olacatala OU, O=Olacatala OU, L=Tallinn, S=Tallinn, C=EE

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0205682CD1297B1EC23B7DC2FE37FA0C

File PE Metadata
Compilation timestamp:
8/2/2014 11:43:04 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:57aDZvpZeuKTEYC8M/SfuPr/XuP6dZgDxN6fayHQLBdfMF5lDeGSeG4:qZBcQDXTI0ayHQLzi7S4

Entry address:
0xA19BD

Entry point:
E8, 4F, 91, 00, 00, E9, 79, FE, FF, FF, 3B, 0D, 80, 17, 4D, 00, 75, 02, F3, C3, E9, D1, 91, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A4, 01, 00, 00, 81, F9, 00, 01, 00, 00, 72, 1F, 83, 3D, 40, BF, 4D, 00, 00, 74, 16, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 08, 5E, 5F, 5D, E9, 1A, 1C, 00, 00, F7, C7, 03, 00, 00, 00, 75, 15, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 2A, F3, A5, FF...
 
[+]

Code size:
745.5 KB (763,392 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Olacarita

Command:
C:\Program Files\olacarita\olacarita\olacarita.exe


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 10-3798  (194.150.236.159:80)

Remove olacarita.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.