olacaritainstaller.exe

Olacarita Update

Olacatala OU

The application olacaritainstaller.exe, “Olacarita Update Setup” by Olacatala OU has been detected as adware by 9 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from drzwu57ht9dxd.cloudfront.net and multiple other hosts.
Publisher:
The Olacarita Group  (signed by Olacatala OU)

Product:
Olacarita Update

Description:
Olacarita Update Setup

Version:
1.3.25.0

MD5:
d20fed6ae3a9eabeebf42240bca103af

SHA-1:
94ed2de6691bf6394b39a4c083a1857f89e04eff

SHA-256:
8132300ae434df401d1a174bd00b1432496ca6b31efac9fceac0f9495dc55171

Scanner detections:
9 / 68

Status:
Adware

Analysis date:
12/24/2024 11:54:00 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Trash.Gen
7.11.146.128

Dr.Web
Adware.Downware.1463
9.0.1.0350

G Data
Win32.Trojan-Dropper.BoxoreInject
14.12.24

Malwarebytes
PUP.Optional.SoftwareUpdate.A
v2014.12.16.03

NANO AntiVirus
Trojan.Win32.Downware.ctonas
0.28.0.59608

Reason Heuristics
PUP.Installer.OlacatalaOU.S
14.12.16.10

SUPERAntiSpyware
Trojan.Agent/Gen-Nullo[Short]
10174

Trend Micro House Call
Suspicious_GEN.F47V0727
7.2.217

VIPRE Antivirus
Boxore
34696

File size:
604.9 KB (619,424 bytes)

Product version:
1.3.25.0

Copyright:
Copyright 2013 The Olacarita Group.

Original file name:
OlacaritaUpdateSetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\olacaritainstaller.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
5/30/2014 2:00:00 AM

Valid to:
6/7/2017 2:00:00 PM

Subject:
CN=Olacatala OU, O=Olacatala OU, L=Tallinn, S=Tallinn, C=EE

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0205682CD1297B1EC23B7DC2FE37FA0C

File PE Metadata
Compilation timestamp:
7/9/2014 3:51:24 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:8o59rAZqr1eTSAIbHo0nf+P9+sjS6EQtgow6VgJXIUPX+PHy:8ENSXT4Nf+ntgj6VAPXUy

Entry address:
0x4785

Entry point:
E8, D5, 13, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 8B, 00, 81, 38, 63, 73, 6D, E0, 75, 2A, 83, 78, 10, 03, 75, 24, 8B, 40, 14, 3D, 20, 05, 93, 19, 74, 15, 3D, 21, 05, 93, 19, 74, 0E, 3D, 22, 05, 93, 19, 74, 07, 3D, 00, 40, 99, 01, 75, 05, E8, 2F, 14, 00, 00, 33, C0, 5D, C2, 04, 00, 68, 8F, 47, 40, 00, FF, 15, 0C, C0, 40, 00, 33, C0, C3, 8B, FF, 55, 8B, EC, 68, EC, C1, 40, 00, FF, 15, 14, C0, 40, 00, 85, C0, 74, 15, 68, DC, C1, 40, 00, 50, FF, 15, 10, C0, 40, 00, 85, C0, 74, 05, FF, 75...
 
[+]

Code size:
40.5 KB (41,472 bytes)

The file olacaritainstaller.exe has been seen being distributed by the following 7 URLs.

Remove olacaritainstaller.exe - Powered by Reason Core Security