840eduSetup.exe

ClaimGear

CollaborateMD

This is a self-extracting archive and installer. It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘C:\Users\aarons\Downloads\840eduSetup (1).exe’. The file has been seen being downloaded from www.collaboratemd.com.

Publisher:
CollaborateMD

Product:
ClaimGear

Description:
This installer database contains the logic and data required to install ClaimGear.

Version:
8.4.0

MD5:
1032cabce504c35fef02407617b999fb

SHA-1:
5aacf292eca4100a16ad56e520a707be6b0432fc

SHA-256:
f33502fb60de425a9e1ab375afccbfc019b421892573bfe74a4acde86081c160

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
1/10/2025 3:49:20 PM UTC

File size:
29 MB (30,426,383 bytes)

Product version:
8.4.0

Copyright:
Copyright (C) CollaborateMD

Original file name:
840eduSetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\840edusetup.exe

File PE Metadata
Compilation timestamp:
6/26/2012 3:05:58 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
786432:Vx+P5BmXtfBdfDjKAM7UpJucbRANlrQT/+hBJaZ0:0EDOAMcoNdYmJaZ0

Entry address:
0x2E0AE

Entry point:
E8, 90, 91, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, 53, FF, 75, 10, 8D, 4D, F0, E8, 8A, FA, FF, FF, 33, DB, 39, 5D, 08, 75, 2E, E8, 3E, 2B, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, C6, 2A, 00, 00, 83, C4, 14, 38, 5D, FC, 74, 07, 8B, 45, F8, 83, 60, 70, FD, B8, FF, FF, FF, 7F, E9, C7, 00, 00, 00, 56, 8B, 75, 0C, 3B, F3, 75, 2E, E8, 08, 2B, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, 90, 2A, 00, 00, 83, C4, 14, 38, 5D, FC, 74, 07, 8B, 45, F8, 83, 60, 70, FD, B8...

Entropy:
7.9932  (probably packed)

Code size:
253.5 KB (259,584 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
C:\users\{user}\downloads\840edusetup.exe

Command:
"C:\users\{user}\downloads\840edusetup.exe" \exenoupdates \exelang 0 \prereqs "0"


The file 840eduSetup.exe has been seen being distributed by the following URL.
