home

upaurora_1.0.0.3030__312br.exe

UpAurora

Brotsoft technology co., limited

The application upaurora_1.0.0.3030__312br.exe by Brotsoft technology co., limited has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from dl.upaurora.com and multiple other hosts.
Publisher:
UpAurora.COM  (signed by Brotsoft technology co., limited)

Product:
UpAurora

Version:
1.0.0.3034

MD5:
71bf01546ea9651d14f69c01cd7b8991

SHA-1:
1b3d9be4cf121493773bc71d74bb788fa7b52e4b

SHA-256:
02fae81b747504eb62c3e4d1e7809a7ef37698c9120ed2580d7eec3220e99191

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
5/27/2024 1:12:09 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Hao123.H potentially unwanted (variant)
9.12695

Reason Heuristics
PUP.UpCleaner.Brotsofttechnologyco.Installer.Meta (L)
15.12.24.11

File size:
2.1 MB (2,245,032 bytes)

Product version:
1.0.0.3034

Copyright:
Copyright 2015 Aurora Network Company Limited. All rights reserved.

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\upaurora_1.0.0.3030__312br.exe

Digital Signature
Signed by:
Brotsoft technology co., limited

Authority:
VeriSign, Inc.

Valid from:
1/23/2014 10:00:00 PM

Valid to:
1/24/2016 9:59:59 PM

Subject:
CN="Brotsoft technology co., limited", OU=Software Department, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Brotsoft technology co., limited", L=Hongkong, S=Hongkong, C=HK

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
49A33D71D0E7C34883277E7ADACABD97

File PE Metadata
Compilation timestamp:
12/8/2015 8:52:17 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:HGmxmfamADF9hVYTpJunOfrL47b0+M+vSxTb+VMGreZuBQ:TxmfUxuFJGTb0+5KRyVYZu2

Entry address:
0x2E44C

Entry point:
E8, 32, 98, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 83, 3D, 38, 29, 45, 00, 00, 74, 2D, 55, 8B, EC, 83, EC, 08, 83, E4, F8, DD, 1C, 24, F2, 0F, 2C, 04, 24, C9, C3, 83, 3D, 38, 29, 45, 00, 00, 74, 11, 83, EC, 04, D9, 3C, 24, 58, 66, 83, E0, 7F, 66, 83, F8, 7F, 74, D3, 55, 8B, EC, 83, EC, 20, 83, E4, F0, D9, C0, D9, 54, 24, 18, DF, 7C, 24, 10, DF, 6C, 24, 10, 8B, 54, 24, 18, 8B, 44, 24, 10, 85, C0, 74, 3C, DE, E9, 85, D2, 79, 1E, D9, 1C, 24, 8B, 0C, 24, 81, F1, 00, 00, 00, 80, 81...
 
[+]

Code size:
247 KB (252,928 bytes)

The file upaurora_1.0.0.3030__312br.exe has been seen being distributed by the following 2 URLs.

http://dl.upaurora.com/.../UpAurora_1.0.0.3034__312br.exe

http://dl.upaurora.com/.../UpAurora_1.0.0.3034__213br.exe

Remove upaurora_1.0.0.3030__312br.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.