iClaro.exe

iClaro Installer

OutBrowse Ltd

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application iClaro.exe by OutBrowse has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. It displays context-specific advertisements in the browser and attempts to modify the browser's search provider. The file has been seen being downloaded from dl.kbm2.com and multiple other hosts.
Publisher:
iClaro  (signed by OutBrowse Ltd)

Product:
iClaro Installer

Description:
iClaro

Version:
1.0

MD5:
325c188606e6d39bf3e4128f3732b523

SHA-1:
d23c9f6c33db3e3aadb65ac46724ea1495f6f271

SHA-256:
74809008993886bf06d55c0faf3ba9a4510334d356dc46f16f39d120622609df

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/14/2024 2:01:32 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | Toolbar.Babylon | 2014.0.3542 |
| Boost by Reason | Trojan.Adw.Installer.OutBrowse.G | 2013.8.28.0 |
| Dr.Web | Adware.Toolbar.146 | 9.0.1.0240 |
| Emsisoft Anti-Malware | Trojan.Win32.OutBrowse.AMN | 8.13.08.28.12 |
| ESET NOD32 | Win32/DownWare | 7.9182 |
| Fortinet FortiGate | Adware/OutBrowse | 8/28/2013 |
| MicroWorld eScan | Win32/Toolbar.Babylon | 14.0.0.720 |
| Reason Heuristics | PUP.Installer.OutBrowse.G | 14.8.7.17 |
| Trend Micro House Call | ADW_BPROTECT | 7.2.240 |
| Trend Micro | ADW_BPROTECT | 10.465.28 |
| VIPRE Antivirus | OutBrowse | 24452 |
| ViRobot | Adware.Babylon.956272 | 2011.4.7.4223 |

File size:
933.9 KB (956,272 bytes)

Copyright:
© iClaro

Trademarks:
iClaro.com

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\iclaro.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/10/2012 4:00:00 PM

Valid to:
1/10/2013 3:59:59 PM

Subject:
CN=OutBrowse Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=OutBrowse Ltd, L=Ramat Gan, S=Merkaz, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
51AC0634BE5BEE7A290676D4A583D04A

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:eGyUEx6CT9XwlZ2Ksg/pIkE+2kst7LTd+ev2NqL:K6C5ERsgBIOw7/d+ev2NqL

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9592

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file iClaro.exe has been seen being distributed by the following 2 URLs.
