Olacarita.exe

Olacarita

Olacarita OU

The application Olacarita.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. It is registered under the name ‘Olacarita’ to execute automatically when any user logs into Windows (through the local user run registry setting). While running, it connects to the Internet address 10-3798 on port 80 using the HTTP protocol.
Publisher:
Olacarita OU

Product:
Olacarita

Version:
3, 2, 0, 0

MD5:
eaf068402151ca6f190ce38e6caf6f50

SHA-1:
580139fcaf85bcc86d4cc15b6509f13c463d8e41

SHA-256:
5d3c5212302400a4d60ed69ebfd26b6678a2f76bf1054b032e71f0682c342e99

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 6:08:04 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Malwarebytes | PUP.Optional.Olacarita.A | v2015.08.03.08 |
| Qihoo 360 Security | HEUR/QVM19.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Boxore.OlacaritaOU.Meta (M) | 15.11.9.13 |

File size:
2.1 MB (2,210,304 bytes)

Product version:
3, 2, 0, 0

Original file name:
Olacarita.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\olacarita\olacarita\olacarita.exe

File PE Metadata
Compilation timestamp:
7/30/2015 9:05:38 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:dQFpZ+XJz3MabTtnaTJElFmN3Cu1nnKTQFI5fouvLoVkneR9/bfqoioQeGSeGMIC:vnla1CanuQcgR9/bfqoijSMI/K

Entry address:
0x161000

Entry point:
E9, 3E, DD, F7, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, C3, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Packer / compiler:
Xtreme-Protector v1.05

Code size:
1.2 MB (1,229,312 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Olacarita

Command:
C:\Program Files\olacarita\olacarita\olacarita.exe


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 10-3798  (194.150.236.159:80)
