Ultraebookreader10.exe

Ultra eBook Reader

CompuClever Systems Inc.

The application Ultraebookreader10.exe by CompuClever Systems has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from www.ultraebookreader.com. While running, it connects to the Internet address london-10.cdn77.com on port 80 using the HTTP protocol.
Publisher:
CompuClever Systems Inc.  (signed and verified)

Product:
Ultra eBook Reader

Version:
3.35.3.134

MD5:
93d217860d9c7f8491b8f93e00741039

SHA-1:
2ac45064d75d5125aa8ea9ea4584491ef457c2f4

SHA-256:
389f5eaaa4910e3285294d77cdbf7755baa5a86c3c096ddde471d73df981a244

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 11:51:34 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.CompuClever

Engine version:
16.8.7.10

File size:
739.1 KB (756,880 bytes)

Product version:
3.35.3.134

Copyright:
(c) CompuClever Systems Inc. All rights reserved.

Original file name:
Ultraebookreader10.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Authority:
Symantec Corporation

Valid from:
1/28/2016 1:00:00 AM

Valid to:
1/28/2019 12:59:59 AM

Subject:
CN=CompuClever Systems Inc., O=CompuClever Systems Inc., L=Victoria, S=British Columbia, C=CA, SERIALNUMBER=BC0892179, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=British Columbia, OID.1.3.6.1.4.1.311.60.2.1.3=CA

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
1442AC8041B500044344B4CD472AA850

File PE Metadata
Compilation timestamp:
1/28/2016 4:46:30 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:Xz4ZXxN5YkiubFBddx7EGwFMw8H1h12FSC6onScmLD8t:OXyubFBddxgzM2SLLgt

Entry address:
0x3724E

Entry point:
E8, 0B, A5, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, A8, 4C, 46, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, E4, 18, 46, 00, 01, 0F, 82, 02, A6, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83...
 

Code size:
295 KB (302,080 bytes)

The file Ultraebookreader10.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to compuclever.com  (50.17.213.191:80)

TCP (HTTP):
Connects to london-10.cdn77.com  (185.59.221.11:80)
