claraupdater_new.exe

ClaraUpdater

ClaraLabSoftware

The application claraupdater_new.exe by ClaraLabSoftware has been detected as a potentially unwanted program (PUP) by 6 of the 68 anti-malware scanners used. It is the setup program that installs the ClaraUpdater application. The file has been seen being downloaded from 201.31.162.87 and multiple other hosts. Note that the file carries a GlobalSign code-signing certificate issued to ClaraLabSoftware (details below); the detections are adware/PUP family classifications (Iminent, CognosAds), so a valid signature alone should not be taken as evidence that the file is benign.
Publisher:
ClaraLabs  (signed by ClaraLabSoftware)

Product:
ClaraUpdater

Version:
3.44.1.2

MD5:
210ccd9e05746a2e36ca69014f7868b9

SHA-1:
0604512a013a75b02aeba0a35f8e8966e5d51ec8

SHA-256:
45de3d28fd91aeea9cd26f62dc468c79784f43ee117a4cee6cb7dcae1bd2050b

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 4:42:13 PM UTC

Scan engine         Detection                           Engine version
Dr.Web              Adware.Iminent.66                   9.0.1.0300
ESET NOD32          Win32/Adware.CognosAds (variant)    9.12472
IKARUS anti.virus   PUA.Toolbar.Iminent                 t3scan.1.9.5.0
Malwarebytes        PUP.Optional.Clara                  v2015.10.27.07
Reason Heuristics   PUP.ClaraLabSoftware (M)            15.10.27.19
VIPRE Antivirus     ClaraLabs                           44846

File size:
919.6 KB (941,680 bytes)

Product version:
3.44.1.2

Copyright:
Copyright (C) 2014

Original file name:
Updater.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\common files\claraupdater\claraupdater_new.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/20/2015 5:40:38 AM

Valid to:
1/21/2016 5:40:38 AM

Subject:
CN=ClaraLabSoftware, O=ClaraLabSoftware, L=Paris, C=FR

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112123154E5E0FD1C6C84C77F8890B7472E0

File PE Metadata
Compilation timestamp:
10/26/2015 5:04:24 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:zmSVB0yki7FJIcdDWazDDsy08qxksqfxOiiPLVvk:zm49DN3l/dxOiELVvk

Entry address:
0x85995

Entry point:
E8, 08, 12, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 83, EC, 18, 8D, 4D, E8, 53, 57, FF, 75, 0C, E8, 69, C3, FF, FF, 8B, 5D, 08, BF, 00, 01, 00, 00, 3B, DF, 73, 60, 8B, 4D, E8, 83, 79, 74, 01, 7E, 14, 8D, 45, E8, 50, 6A, 01, 53, E8, F8, 12, 01, 00, 8B, 4D, E8, 83, C4, 0C, EB, 0D, 8B, 81, 90, 00, 00, 00, 0F, B7, 04, 58, 83, E0, 01, 85, C0, 74, 1E, 80, 7D, F4, 00, 8B, 81, 94, 00, 00, 00, 0F, B6, 0C, 18, 74, 07, 8B, 45, F0, 83, 60, 70, FD, 8B, C1, E9, D2, 00, 00, 00, 80, 7D, F4, 00, 74, 07, 8B, 4D, F0, 83, 61...

Code size:
681 KB (697,344 bytes)
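The PE metadata above (compilation timestamp, linker version, OS version, subsystem, code size, entry address and the bytes at the entry point) can be read straight from the COFF and optional headers and compared against the report when triaging a sample. The following is an added example, not code from the scan page or from ClaraLabSoftware. It assumes "Entry address" is the AddressOfEntryPoint RVA and that the compilation timestamp is shown in UTC; build_sample_pe() constructs a toy PE32 that mirrors the report's metadata so the script runs offline, and it is not the real binary, so its hashes deliberately do not match the report's.

```python
"""Parse the PE32 header fields a scan report lists and diff them against it.

Added example (not from the scan page or ClaraLabSoftware).  Assumptions:
"Entry address" on the report is the AddressOfEntryPoint RVA, and the
TimeDateStamp is rendered in UTC.  build_sample_pe() is a constructed toy
image mirroring the report's metadata, not the real claraupdater_new.exe.
"""
import calendar
import hashlib
import struct
from datetime import datetime, timezone

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}

# Values copied from the scan report for claraupdater_new.exe.
REPORT = {
    "sha256": "45de3d28fd91aeea9cd26f62dc468c79784f43ee117a4cee6cb7dcae1bd2050b",
    "compile_time": "2015-10-26 17:04:24",   # TimeDateStamp, read as UTC
    "linker_version": "12.0",
    "os_version": "5.1",
    "subsystem": "Windows GUI",
    "code_size": 697344,
    "entry_rva": 0x85995,
    "entry_prefix": "E8, 08, 12, 01, 00, E9, 7F, FE, FF, FF",
}


def rva_to_offset(sections, rva):
    """Translate an RVA to a raw file offset through the section table."""
    for _name, vaddr, vsize, rawptr, rawsize in sections:
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            return rawptr + (rva - vaddr)
    return None


def parse_pe(data: bytes) -> dict:
    """Return the header fields an analyst compares against a report."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                      # 20-byte COFF file header
    (_machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                          # optional header
    magic, lnk_major, lnk_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (Win32) images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = []                            # table follows the optional header
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0"), vaddr, vsize, rawptr, rawsize))
    entry_off = rva_to_offset(sections, entry_rva)
    entry_bytes = data[entry_off:entry_off + 16] if entry_off is not None else b""
    when = datetime.fromtimestamp(timestamp, timezone.utc)
    return {
        "compile_time": when.strftime("%Y-%m-%d %H:%M:%S"),
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "code_size": size_of_code,
        "entry_rva": entry_rva,
        "entry_bytes": ", ".join(f"{b:02X}" for b in entry_bytes),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def compare_to_report(info: dict, report: dict = REPORT) -> list:
    """List the report fields the parsed file disagrees with."""
    mismatches = [k for k in ("compile_time", "linker_version", "os_version",
                              "subsystem", "code_size", "entry_rva")
                  if info[k] != report[k]]
    if not info["entry_bytes"].startswith(report["entry_prefix"]):
        mismatches.append("entry_bytes")
    if info["sha256"] != report["sha256"]:
        mismatches.append("sha256")
    return mismatches


def build_sample_pe() -> bytes:
    """Constructed toy PE32 mirroring the report's metadata (not the real file)."""
    ts = calendar.timegm((2015, 10, 26, 17, 4, 24, 0, 0, 0))
    text_va, text_off, entry_rva = 0x85000, 0x200, 0x85995
    stub = bytes.fromhex("E808120100E97FFEFFFF")   # call rel32; jmp rel32
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)          # e_lfanew
    opt = bytearray(224)                           # PE32 optional header size
    struct.pack_into("<HBBI", opt, 0, 0x10B, 12, 0, 697344)
    struct.pack_into("<I", opt, 16, entry_rva)
    struct.pack_into("<HH", opt, 40, 5, 1)         # OS version 5.1
    struct.pack_into("<H", opt, 68, 2)             # Windows GUI
    struct.pack_into("<I", opt, 92, 16)            # NumberOfRvaAndSizes
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, len(opt), 0x0102)
    sec = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, text_va, 0x1000,
                      text_off, 0, 0, 0, 0, 0x60000020)
    image = bytearray(text_off + 0x1000)
    header = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec
    image[:len(header)] = header
    off = text_off + (entry_rva - text_va)
    image[off:off + len(stub)] = stub
    return bytes(image)
```

Run against a real file with `parse_pe(open(path, "rb").read())`; a sample whose header fields match but whose hash does not is the usual signature of a rebuilt or repacked variant, which is exactly what the toy image shows. Note that the first two instructions at the entry point (E8 call rel32, E9 jmp rel32) are the standard MSVC CRT startup stub, consistent with the linker 12.0 field. Verifying the Authenticode signature is a separate step (signtool verify or Get-AuthenticodeSignature on Windows); the header parser says nothing about it.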

The file claraupdater_new.exe has been seen being distributed by the following 2 URLs.

http://201.31.162.87/cache/vzbucket.clara-labs.com/267f64d7-5811-419d-b4ff-d5c9afe1a8dd/build/.../2e9959d3-769e-478c-aaed-f288755c7d03.exe

When executed, the file has been observed making the following network connections in live environments. The two Amazon hosts carry default EC2 reverse-DNS names (ec2-<ip>.compute-1.amazonaws.com) for addresses that can be reassigned to other tenants, so treat those IPs as time-bound indicators rather than durable blocklist entries.

TCP (HTTP):
Connects to ec2-50-19-113-170.compute-1.amazonaws.com  (50.19.113.170:80)

TCP (HTTP):
Connects to ec2-23-23-112-220.compute-1.amazonaws.com  (23.23.112.220:80)

TCP (HTTP):
Connects to i0-h0-s1015.p0-mia.cdngp.net  (174.35.36.20:80)
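The download source and the three contacted hosts above are the indicators a responder would sweep proxy or firewall logs for. The following is an added example, not code from the scan page: the log format and the sample lines are constructed here (the client addresses, timestamps and the installer path are invented), while the host names, IPs and download source are the ones the report lists.

```python
"""Sweep constructed proxy-log lines for the report's network indicators.

Added example, not from the scan page.  The log format and SAMPLE_LOG are
constructed; the indicator hosts, IPs and download source come from the
report for claraupdater_new.exe.
"""
import re

# Indicators as listed on the report.
DOWNLOAD_SOURCES = {"201.31.162.87"}
CONTACTED_HOSTS = {
    "ec2-50-19-113-170.compute-1.amazonaws.com": "50.19.113.170",
    "ec2-23-23-112-220.compute-1.amazonaws.com": "23.23.112.220",
    "i0-h0-s1015.p0-mia.cdngp.net": "174.35.36.20",
}
IOC_HOSTS = set(CONTACTED_HOSTS)
IOC_IPS = set(CONTACTED_HOSTS.values()) | DOWNLOAD_SOURCES

# Constructed log format: "<ts> <client_ip> <method> <url> <dst_ip>:<port>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) "
    r"(?P<dst>[0-9a-fA-F:.]+):(?P<port>\d+)$")
HOST_RE = re.compile(r"^[a-z]+://(?P<host>[^/:]+)", re.I)

# Constructed sample: two infected clients plus one benign request and junk.
SAMPLE_LOG = [
    "2024-12-24T16:40:01Z 10.0.0.15 GET http://201.31.162.87/cache/sample-installer.exe 201.31.162.87:80",
    "2024-12-24T16:41:12Z 10.0.0.15 POST http://ec2-50-19-113-170.compute-1.amazonaws.com/ 50.19.113.170:80",
    "2024-12-24T16:41:30Z 10.0.0.22 GET https://www.example.com/ 93.184.216.34:443",
    "2024-12-24T16:42:05Z 10.0.0.15 GET http://i0-h0-s1015.p0-mia.cdngp.net/assets 174.35.36.20:80",
    "2024-12-24T16:42:40Z 10.0.0.31 GET http://23.23.112.220/ping 23.23.112.220:80",
    "malformed line that should be skipped",
]


def scan_proxy_log(lines):
    """Return one hit per line that touches an indicator, with the reasons."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                       # unparseable line: skip, do not guess
        url_host = HOST_RE.match(m["url"])
        host = url_host["host"].lower() if url_host else ""
        reasons = []
        if host in IOC_HOSTS:
            reasons.append(f"host {host}")
        if m["dst"] in IOC_IPS:            # catches direct-to-IP and re-resolved hosts
            reasons.append(f"dst {m['dst']}")
        if host in DOWNLOAD_SOURCES and m["url"].lower().endswith(".exe"):
            reasons.append("exe download from known distribution IP")
        if reasons:
            hits.append({"ts": m["ts"], "client": m["client"],
                         "url": m["url"], "reasons": reasons})
    return hits


def affected_clients(hits):
    """Distinct client addresses that produced a hit, for follow-up triage."""
    return sorted({h["client"] for h in hits})
```

Matching on the destination IP as well as the URL host matters here: a client that has already resolved the EC2 name talks to the bare address, and the download line has no host name at all. The IPs are time-bound, as noted above, so re-check them before turning this sweep into a standing detection rule.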

Remove claraupdater_new.exe - Powered by Reason Core Security