home

Ultraebookreader10.exe

Ultra eBook Reader

CompuClever Systems Inc.

The application Ultraebookreader10.exe by CompuClever Systems has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from www.ultraebookreader.com. While running, it connects to the Internet address london-10.cdn77.com on port 80 using the HTTP protocol.
Publisher:
CompuClever Systems Inc.  (signed and verified)

Product:
Ultra eBook Reader

Version:
3.35.3.134

MD5:
93d217860d9c7f8491b8f93e00741039

SHA-1:
2ac45064d75d5125aa8ea9ea4584491ef457c2f4

SHA-256:
389f5eaaa4910e3285294d77cdbf7755baa5a86c3c096ddde471d73df981a244

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 2:26:03 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.CompuClever
16.8.7.10

File size:
739.1 KB (756,880 bytes)

Product version:
3.35.3.134

Copyright:
(c) CompuClever Systems Inc. All rights reserved.

Original file name:
Ultraebookreader10.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:
CompuClever Systems Inc.

Authority:
Symantec Corporation

Valid from:
1/28/2016 1:00:00 AM

Valid to:
1/28/2019 12:59:59 AM

Subject:
CN=CompuClever Systems Inc., O=CompuClever Systems Inc., L=Victoria, S=British Columbia, C=CA, SERIALNUMBER=BC0892179, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=British Columbia, OID.1.3.6.1.4.1.311.60.2.1.3=CA

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
1442AC8041B500044344B4CD472AA850

File PE Metadata
Compilation timestamp:
1/28/2016 4:46:30 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:Xz4ZXxN5YkiubFBddx7EGwFMw8H1h12FSC6onScmLD8t:OXyubFBddxgzM2SLLgt

Entry address:
0x3724E

Entry point:
E8, 0B, A5, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, A8, 4C, 46, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, E4, 18, 46, 00, 01, 0F, 82, 02, A6, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83...
 
[+]

Code size:
295 KB (302,080 bytes)

The file Ultraebookreader10.exe has been seen being distributed by the following URL.

http://www.ultraebookreader.com/.../

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to compuclever.com  (50.17.213.191:80)

TCP (HTTP):
Connects to london-10.cdn77.com  (185.59.221.11:80)

Remove Ultraebookreader10.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.