2e9959d3-769e-478c-aaed-f288755c7d03.exe

ClaraUpdater

ClaraLabs

The application 2e9959d3-769e-478c-aaed-f288755c7d03.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from vzbucket.clara-labs.com.
Publisher:
ClaraLabs

Product:
ClaraUpdater

Version:
3.44.1.2

MD5:
32ed7298cd3de2133fe493c57a48786a

SHA-1:
9df9663a6c99fe8bb965fe556e0dec0546f4ac2b

SHA-256:
7831e3b15e0d8bbbab1dbce5d0c5ac1fb9f0cb4c5ef2119478ab25ab6a9b3770

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 4:38:18 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ClaraLabs.Meta (M)

Engine version:
16.2.7.8

File size:
1.1 MB (1,119,702 bytes)

Product version:
3.44.1.2

Copyright:
Copyright (C) 2014

Original file name:
Updater.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\2e9959d3-769e-478c-aaed-f288755c7d03.exe

File PE Metadata
Compilation timestamp:
10/26/2015 10:04:24 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:GmSVB0yki7FJIcdDWazDDsy08qxksqfxziiYLVvWoN4:Gm49DN3l/dxziLLVvDi

Entry address:
0xEB000

Entry point:
90, B9, AF, E0, 61, 00, 90, 90, 68, 1C, B0, 4E, 00, 5A, 90, 90, BE, 98, 05, 00, 00, 31, 0C, 32, 90, 90, 83, EE, 04, 90, 75, F5, 47, 9D, 60, 00, AF, E0, 61, 00, AF, E0, 21, 00, 3A, B9, 69, 00, DF, BE, 6F, 00, 79, 85, 6F, 00, AF, 50, 63, 00, AE, E0, 61, 00, D7, 20, 2B, 00, 49, B6, 2C, 00, AF, B7, 2C, 00, F3, D8, 6C, 00, 4B, B6, 6C, 00, 51, B6, 6C, 00, D7, 48, 6B, 00, 4B, B6, 6C, 00, 51, B6, 6C, 00, AF, E0, 61, 00, AF, E0, 61, 00, AF, E0, 61, 00, AF, E0, 61, 00, 1F, 20, 2B, 00, AF, E0, 61, 00, AF, E0, 61, 00...

Entropy:
7.0495

Code size:
681 KB (697,344 bytes)

The file 2e9959d3-769e-478c-aaed-f288755c7d03.exe has been seen being distributed by the following URL.

Powered by Reason Core Security