30178531-afdc-45b7-be38-79d50c8ce0a3.exe

Tortuga Installer

ClaraLabSoftware

The application 30178531-afdc-45b7-be38-79d50c8ce0a3.exe by ClaraLabSoftware has been detected as a potentially unwanted program by 2 of 68 anti-malware scanners. It is a self-extracting archive and installer that has been observed bundling potentially unwanted software. It is typically executed from an Internet Explorer cache folder, that is, run straight from the browser's download cache, and has been seen being downloaded from vzbucket.clara-labs.com. The file carries an Authenticode signature issued by GlobalSign in the name of ClaraLabSoftware; the signature identifies the signer, it does not vouch for what the installer bundles.
Publisher:
The Tortuga Authors  (signed by ClaraLabSoftware)

Product:
Tortuga Installer

Version:
42.0.2311.93

MD5:
c865af5f2d8d17679c64b6a3ee7c3f1b

SHA-1:
0ba41355bb539cdb894a2179474821fd884a993a

SHA-256:
31e3badafd7e97f9808295b725668c09294a0a33eed5157d55a1095e71cd9de5

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 4:42:55 PM UTC

Scan engine         Detection                             Engine version
Dr.Web              Adware.Iminent.47                     9.0.1.0227
Reason Heuristics   PUP.ClaraLabSoftware.Installer (M)    15.8.15.0

File size:
39 MB (40,902,776 bytes)

Product version:
42.0.2311.93

Copyright:
Copyright 2013 The Tortuga Authors. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\30178531-afdc-45b7-be38-79d50c8ce0a3.exe
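Before acting on a verdict like the one above, a responder wants to confirm that the file in hand is the reported sample (all three digests and the size agree) and whether it sits in the drop location the report names. The script below is an added example, not code from the report or from the scanner vendor; it takes the report's hashes, size and common path as its expected indicators, and the sample bytes it checks are constructed, so the digest comparison against the report is expected to fail for them. The IE cache path pattern is an assumption modelled on the Common path entry.

```python
"""Added example (not code from the report or from the scanner vendor): check a
file on disk against the indicators the report lists before trusting the verdict.
The sample bytes below are constructed, so against the report's own hashes every
digest check is expected to fail; against digests computed from the same bytes
they pass.  The path pattern is an assumption matching the 'Common path' entry."""
import hashlib
import re
from typing import Dict

# Indicators copied from the report.
REPORT = {
    "md5": "c865af5f2d8d17679c64b6a3ee7c3f1b",
    "sha1": "0ba41355bb539cdb894a2179474821fd884a993a",
    "sha256": "31e3badafd7e97f9808295b725668c09294a0a33eed5157d55a1095e71cd9de5",
    "size": 40_902_776,
}

# Internet Explorer's download cache: Temporary Internet Files\Content.IE5\<random>\<file>.
# Assumed pattern, modelled on the report's Common path entry.
IE_CACHE_RE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\microsoft\\windows\\"
    r"temporary internet files\\content\.ie5\\[^\\]+\\[^\\]+$",
    re.IGNORECASE,
)


def digests(data: bytes) -> Dict[str, str]:
    """MD5, SHA-1 and SHA-256 of the file content, lower-case hex as reports list them."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def check_indicators(data: bytes, path: str, report: Dict[str, object] = REPORT) -> Dict[str, bool]:
    """Per-indicator verdicts.  'identity' is true only when SHA-256 agrees: a file
    that matches MD5 but not SHA-256 is not the reported sample, whatever MD5 says."""
    actual = digests(data)
    result = {name: actual[name] == str(report[name]).lower() for name in actual}
    result["size"] = len(data) == report["size"]
    result["identity"] = result["sha256"]
    result["in_ie_cache"] = IE_CACHE_RE.match(path) is not None
    return result


if __name__ == "__main__":
    # Constructed content standing in for the file; it will not match the report.
    sample = b"constructed sample bytes, not the reported installer\n" * 64
    where = (r"C:\users\alice\appdata\local\microsoft\windows"
             r"\temporary internet files\content.ie5\AB12CD34"
             r"\30178531-afdc-45b7-be38-79d50c8ce0a3.exe")
    for name, ok in check_indicators(sample, where).items():
        print("%-12s %s" % (name, "match" if ok else "no match"))
```

Treat SHA-256 as the identity check and the other two as consistency checks: if MD5 or SHA-1 disagrees while SHA-256 agrees, the report's copy of that hash is wrong, not the file.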

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/20/2015 1:40:38 AM

Valid to:
1/21/2016 1:40:38 AM

Subject:
CN=ClaraLabSoftware, O=ClaraLabSoftware, L=Paris, C=FR

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112123154E5E0FD1C6C84C77F8890B7472E0

File PE Metadata
Compilation timestamp:
8/7/2015 10:08:51 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
786432:6npOH8Mih1EHJMlHwsyn+H5HFl4zAqVyxprxAqt6v8KCH6HKbmt5tlzdvMfeHQ:6nQ8zhOHJeHwnTPVmtWnCcKb25nlZHQ

Entry address:
0x209A

Entry point:
6A, 00, FF, 15, A4, 40, 40, 00, 50, E8, FC, 08, 00, 00, 59, 50, FF, 15, 90, 40, 40, 00, CC, 55, 8B, EC, 81, EC, 14, 02, 00, 00, 53, 56, 8B, 75, 14, 85, F6, 0F, 84, BE, 00, 00, 00, FF, 75, 08, 8D, 4D, F8, FF, 75, 0C, FF, 75, 10, E8, BB, 0C, 00, 00, 8D, 4D, F8, E8, D8, 0C, 00, 00, 84, C0, 0F, 84, 9D, 00, 00, 00, 8D, 4D, F8, E8, D0, 0C, 00, 00, 83, F8, 01, 0F, 82, 8C, 00, 00, 00, 8D, 4D, F8, E8, BF, 0C, 00, 00, 3B, 05, F4, 14, 40, 00, 77, 7C, FF, 36, 33, C0, BB, 04, 01, 00, 00, 66, 89, 45, F4, 66, 89, 85, EC...
 

Packer / compiler:
FASM v1.3x

Code size:
8 KB (8,192 bytes)
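The PE metadata above (compilation timestamp, OS version, subsystem, linker version, entry address, entry-point bytes, code size) comes straight from the image headers, and the combination of 8 KB of code in a 39 MB file is the shape of a self-extracting stub with its payload appended as overlay. The following added example, which is not code from the report or from ClaraLabSoftware, parses those fields with the standard library alone and sizes the overlay. The image it parses is constructed in the script so that it runs offline; the only bytes taken from the report are the first 16 entry-point bytes, placed at the entry RVA of the synthetic image, and the header values mirror the report's (linker 12.0, OS 5.1, Windows GUI, entry at 0x209A).

```python
"""Added example (not code from the report or from ClaraLabSoftware): parse the
PE header fields the report lists and size the overlay after the last section.
Standard library only.  The image parsed below is constructed here so the script
runs offline; the only bytes taken from the report are the first 16 entry-point
bytes, which are placed at the entry RVA of the synthetic image."""
import struct
from datetime import datetime, timezone
from typing import Any, Dict, List, Tuple

PE32_MAGIC = 0x10B
IMAGE_SUBSYSTEM = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def parse_pe(data: bytes, entry_bytes: int = 16) -> Dict[str, Any]:
    """Read the DOS, COFF and optional headers plus the section table of a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _machine, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, maj_link, min_link, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError("only PE32 (32-bit) images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]    # AddressOfEntryPoint
    maj_os, min_os = struct.unpack_from("<HH", data, opt + 40)  # Major/MinorOperatingSystemVersion
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]     # Subsystem

    # Section table follows the optional header; VirtualAddress/PointerToRawData
    # are what map an RVA to a file offset.
    sections: List[Tuple[str, int, int, int, int]] = []
    table = opt + opt_size
    for i in range(nsec):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, va, raw_size, raw_ptr))

    entry_off = None
    for _, vsize, va, raw_size, raw_ptr in sections:
        if va <= entry_rva < va + max(vsize, raw_size):
            entry_off = raw_ptr + (entry_rva - va)
            break
    if entry_off is None or entry_off >= len(data):
        raise ValueError("entry point RVA %#x is outside every section" % entry_rva)

    # Bytes past the last section's raw data are overlay: the loader ignores them,
    # a self-extracting stub reads them back as its payload.
    end_of_sections = max((raw_ptr + raw_size for _, _, _, raw_size, raw_ptr in sections), default=0)
    overlay = max(0, len(data) - end_of_sections)
    return {
        "timestamp_utc": datetime.fromtimestamp(stamp, tz=timezone.utc).isoformat(),
        "linker_version": "%d.%d" % (maj_link, min_link),
        "os_version": "%d.%d" % (maj_os, min_os),
        "subsystem": IMAGE_SUBSYSTEM.get(subsystem, str(subsystem)),
        "entry_rva": entry_rva,
        "entry_bytes": data[entry_off:entry_off + entry_bytes].hex(),
        "size_of_code": size_of_code,
        "overlay_bytes": overlay,
        "overlay_ratio": overlay / len(data),
    }


def triage(data: bytes, overlay_threshold: float = 0.5) -> Dict[str, Any]:
    """Flag images whose bulk is overlay rather than mapped code or data."""
    info = parse_pe(data)
    info["looks_self_extracting"] = info["overlay_ratio"] >= overlay_threshold
    return info


def build_sample_pe(entry_code: bytes, overlay: bytes, stamp: int) -> bytes:
    """Constructed minimal PE32 with one .text section (synthetic input, not the
    reported file).  Header values mirror the report: linker 12.0, OS 5.1,
    Windows GUI subsystem, entry point at RVA 0x209A."""
    file_align, sect_align, hdr_size = 0x200, 0x1000, 0x200
    text_va, entry_in_text, raw_size = 0x2000, 0x9A, 0x1000
    opt = struct.pack(
        "<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII",
        PE32_MAGIC, 12, 0,                       # Magic, Major/MinorLinkerVersion
        raw_size, 0, 0,                          # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
        text_va + entry_in_text, text_va, 0,     # AddressOfEntryPoint, BaseOfCode, BaseOfData
        0x400000, sect_align, file_align,        # ImageBase, SectionAlignment, FileAlignment
        5, 1, 0, 0, 5, 1,                        # OS 5.1, image version, subsystem version
        0, text_va + sect_align, hdr_size, 0,    # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
        2, 0,                                    # Subsystem = Windows GUI, DllCharacteristics
        0x100000, 0x1000, 0x100000, 0x1000, 0, 16)  # stack/heap sizes, LoaderFlags, NumberOfRvaAndSizes
    opt += b"\0" * (16 * 8)                      # 16 empty data directories
    headers = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)   # DOS header, e_lfanew = 0x40
               + b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, len(opt), 0x0102)
               + opt
               + struct.pack("<8sIIIIIIHHI", b".text", raw_size, text_va, raw_size, hdr_size,
                             0, 0, 0, 0, 0x60000020))         # CODE | EXECUTE | READ
    text = (b"\0" * entry_in_text + entry_code).ljust(raw_size, b"\0")
    return headers.ljust(hdr_size, b"\0") + text + overlay


# First 16 entry-point bytes as listed in the report:
# push 0 / call [0x4040A4] / push eax / call rel32 0x8FC / pop ecx / push eax
REPORT_ENTRY_BYTES = bytes.fromhex("6a00ff15a440400050e8fc0800005950")
# Constructed overlay standing in for the appended installer payload.
SAMPLE = build_sample_pe(REPORT_ENTRY_BYTES, b"PAYLOAD" * 2048, 1438942131)  # 2015-08-07 10:08:51 UTC

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print("%-22s %s" % (key, value))
```

Two checks worth running on the real sample with this parser: with 8 KB of code in a 39 MB file, nearly the whole file should come back as overlay, which is the self-extracting layout the report describes; and the report's linker version of 12.0 is the value written by the Visual Studio 2013 linker, while the listed entry bytes continue with `55 8B EC` (push ebp; mov ebp, esp), a compiler-style prologue, so the FASM v1.3x packer/compiler match deserves a second look against the section table rather than being taken at face value.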

The file 30178531-afdc-45b7-be38-79d50c8ce0a3.exe has been seen being distributed from vzbucket.clara-labs.com.

Remove 30178531-afdc-45b7-be38-79d50c8ce0a3.exe - Powered by Reason Core Security