» Olacarita.exe
Overview
Analysis
File Details
Behaviors (1)
Network (1)

Olacarita.exe

Olacarita

Olacarita OU

The application Olacarita.exe has been detected as a potentially unwanted program by 5 anti-malware scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Olacarita’. While running, it connects to the Internet address 10-3798 on port 80 using the HTTP protocol.

File name:

Olacarita.exe

Publisher:

Olacarita OU

Product:

Olacarita

Version:

3, 3, 0, 0

MD5:

b87e7282d82b0cab4d115a54edfc55c3

SHA-1:

7e208b8517506f134f08803e380ddcfb2d290c9a

SHA-256:

6b0e7b884289804f2249308e08bbe3f23d6b20203b241c7c84cc47510fe8891c

Scanner detections:

5 / 68

Status:

Potentially unwanted

Analysis date:

4/25/2024 7:16:30 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/Crypt.XPACK.Gen7

8.3.2.2

Malwarebytes

PUP.Optional.Olacarita

v2015.09.22.08

Reason Heuristics

PUP.Boxore.OlacaritaOU.Meta (M)

15.11.9.13

SUPERAntiSpyware

PUP.Olacarita/Variant

9613

ViRobot

Trojan.Win32.A.Yakes.1714176[h]

2014.3.20.0

File size:

1.6 MB (1,714,176 bytes)

Product version:

3, 3, 0, 0

Original file name:

Olacarita.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\olacarita\olacarita\olacarita.exe

File PE Metadata

Compilation timestamp:

9/21/2015 11:14:19 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

24576:JLRKQ/aLFTt3K/EU5Z95G65ysP7L7oHbelx70nUKo4ZMqneGSeGjnHP:KFTt5U5ZJy8llxAnUKo46qSjnHP

Entry address:

0xEA000

Entry point:

E9, 8C, 7B, F8, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, C3, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Packer / compiler:

Xtreme-Protector v1.05

Code size:

765.5 KB (783,872 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Olacarita

Command:

C:\Program Files\olacarita\olacarita\olacarita.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to 10-3798 (194.150.236.159:80)

Remove Olacarita.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.