home

upaurora_1.0.0.3030__312br.exe

UpAurora

Brotsoft technology co., limited

The application upaurora_1.0.0.3030__312br.exe by Brotsoft technology co., limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from dl.upaurora.com and multiple other hosts.
Publisher:
UpAurora.COM  (signed by Brotsoft technology co., limited)

Product:
UpAurora

Version:
1.0.0.3032

MD5:
6e0a0c7f460e78063851afe0ee834a91

SHA-1:
cd3936c335f228439c534cf5afae08a7e8f4a078

SHA-256:
3404058bf1fdcd0592599c75b7ff2325489b1d0fe67feda05849ae581e2d5219

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/27/2024 6:34:05 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.UpCleaner.Brotsofttechnologyco.Installer.Meta (L)
15.12.24.11

File size:
2.1 MB (2,244,520 bytes)

Product version:
1.0.0.3032

Copyright:
Copyright 2015 Aurora Network Company Limited. All rights reserved.

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\upaurora_1.0.0.3030__312br.exe

Digital Signature
Signed by:
Brotsoft technology co., limited

Authority:
VeriSign, Inc.

Valid from:
1/23/2014 10:00:00 PM

Valid to:
1/24/2016 9:59:59 PM

Subject:
CN="Brotsoft technology co., limited", OU=Software Department, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Brotsoft technology co., limited", L=Hongkong, S=Hongkong, C=HK

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
49A33D71D0E7C34883277E7ADACABD97

File PE Metadata
Compilation timestamp:
12/3/2015 10:36:05 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:iGmxmfbm/DF9hVYBI9KKxOv8lLj5lqf5S09qVNaYHK0hSzhCU3GC1:2xmfixuB07LLqfdqV8Yq1173z

Entry address:
0x2E44C

Entry point:
E8, 32, 98, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 83, 3D, 38, 29, 45, 00, 00, 74, 2D, 55, 8B, EC, 83, EC, 08, 83, E4, F8, DD, 1C, 24, F2, 0F, 2C, 04, 24, C9, C3, 83, 3D, 38, 29, 45, 00, 00, 74, 11, 83, EC, 04, D9, 3C, 24, 58, 66, 83, E0, 7F, 66, 83, F8, 7F, 74, D3, 55, 8B, EC, 83, EC, 20, 83, E4, F0, D9, C0, D9, 54, 24, 18, DF, 7C, 24, 10, DF, 6C, 24, 10, 8B, 54, 24, 18, 8B, 44, 24, 10, 85, C0, 74, 3C, DE, E9, 85, D2, 79, 1E, D9, 1C, 24, 8B, 0C, 24, 81, F1, 00, 00, 00, 80, 81...
 
[+]

Code size:
247 KB (252,928 bytes)

The file upaurora_1.0.0.3030__312br.exe has been seen being distributed by the following 2 URLs.

http://dl.upaurora.com/.../UpAurora_1.0.0.3032__213br.exe

http://dl.upaurora.com/.../UpAurora_1.0.0.3032__312br.exe

Remove upaurora_1.0.0.3030__312br.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.