b010fee3-aeaf-4e68-8635-41b5e70fced7.exe

BoBrowser Installer

ClaraLabSoftware

The application b010fee3-aeaf-4e68-8635-41b5e70fced7.exe by ClaraLabSoftware has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from vzbucket.clara-labs.com.
Publisher:
The BoBrowser Authors  (signed by ClaraLabSoftware)

Product:
BoBrowser Installer

Version:
45.0.2454.153

MD5:
96141d24b5c0b6be05523d7ff2bb03f1

SHA-1:
f66f81d77f42b586f1442b2c48980cf6b1800892

SHA-256:
5996457fad808ebcc64de82df0686185db6887e3733a27df202c0f804d6355db

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/25/2024 4:29:21 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.ClaraLab.Installer (M)
16.3.22.13

File size:
40.1 MB (42,051,320 bytes)

Product version:
45.0.2454.153

Copyright:
Copyright 2014 The BoBrowser Authors. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\b010fee3-aeaf-4e68-8635-41b5e70fced7.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/30/2015 10:00:00 PM

Valid to:
12/20/2016 9:59:59 PM

Subject:
CN=ClaraLabSoftware, OU=ClaraLabSoftware, O=ClaraLabSoftware, POBox=ClaraLabSoftware, STREET=32 BOULEVARD DE STRASBOURG, L=PARIS, S=FRANCE, PostalCode=75010, C=FR

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
008857DCCA6BEB83363B5B8D19600709FF

File PE Metadata
Compilation timestamp:
3/16/2016 9:18:38 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
786432:PKsfLUrC+KZeb3ngwX2ln41mdl9gyNTjOTPNfBltvG/Ie/I:isr+KZeb3nxXmEUl9rZiTN5rG/5I

Entry address:
0x2143

Entry point:
6A, 00, FF, 15, B4, 40, 40, 00, 50, E8, 98, 09, 00, 00, 59, 50, FF, 15, A0, 40, 40, 00, CC, 55, 8B, EC, 81, EC, 14, 02, 00, 00, 53, 56, 8B, 75, 14, 85, F6, 0F, 84, BE, 00, 00, 00, FF, 75, 08, 8D, 4D, F8, FF, 75, 0C, FF, 75, 10, E8, EE, 0C, 00, 00, 8D, 4D, F8, E8, 0B, 0D, 00, 00, 84, C0, 0F, 84, 9D, 00, 00, 00, 8D, 4D, F8, E8, 03, 0D, 00, 00, 83, F8, 01, 0F, 82, 8C, 00, 00, 00, 8D, 4D, F8, E8, F2, 0C, 00, 00, 3B, 05, E8, 14, 40, 00, 77, 7C, FF, 36, 33, C0, BB, 04, 01, 00, 00, 66, 89, 45, F4, 66, 89, 85, EC...
 
[+]

Packer / compiler:
FASM v1.3x

Code size:
8 KB (8,192 bytes)

The file b010fee3-aeaf-4e68-8635-41b5e70fced7.exe has been seen being distributed by the following URL.

Remove b010fee3-aeaf-4e68-8635-41b5e70fced7.exe - Powered by Reason Core Security