Olacarita.exe

Olacarita

Olacarita OU

The application Olacarita.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler triggered by a time event. While running, it connects to the Internet address 10-3798 on port 80 using the HTTP protocol.
Publisher:
Olacarita OU

Product:
Olacarita

Version:
3, 4, 0, 0

MD5:
e72c730f9914fa39085f003cf858b8b5

SHA-1:
d591055d29ed20d5f63020ad02d78d9dddff2734

SHA-256:
b6cc0c4192708b6a686d70f4c30070e6e29e57e05f31843c35e0231938d5ce74

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 5:55:00 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Boxore.OlacaritaOU.Meta (M)

Engine version:
16.1.5.10

File size:
1.7 MB (1,731,584 bytes)

Product version:
3, 4, 0, 0

Original file name:
Olacarita.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\olacarita\olacarita\olacarita.exe

File PE Metadata
Compilation timestamp:
10/19/2015 12:30:51 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:tQoeMRB5Zuy8BM/h9tJb6SPRkgXEN/Lal6GRMIrWs5eGSeG:Vuy8B2gSZXual6GRMIq6S

Entry address:
0xEE000

Entry point:
E9, 5C, 75, F8, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, C3, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Packer / compiler:
Xtreme-Protector v1.05

Code size:
784 KB (802,816 bytes)

Scheduled Task
Task name:
lsp_svc_reg

Trigger:
Time


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 10-3798  (194.150.236.159:80)
