Ultrafileopener10.exe

Ultra File Opener

CompuClever Systems Inc.

The application Ultrafileopener10.exe by CompuClever Systems has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from dl11.compuclever.com and multiple other hosts. While running, it connects to the Internet address singapore-187.cdn77.com on port 80 using the HTTP protocol.
Publisher:
CompuClever Systems Inc.  (signed and verified)

Product:
Ultra File Opener

Version:
3.34.3.133

MD5:
e07872afcf10c64ce5af3214a98ef533

SHA-1:
1c02324c63ee8eeac34c45d20f4df6d340c247ef

SHA-256:
836d3cc5aaa35c50d6504f14e8865402ba5d0b33b9b5c2a73dbfb6bd7e51cb83

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 11:46:08 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.CompuClever.Meta (L)
16.6.10.11

File size:
729.1 KB (746,640 bytes)

Product version:
3.34.3.133

Copyright:
(c) CompuClever Systems Inc. All rights reserved.

Original file name:
Ultrafileopener10.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\ultrafileopener10.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
1/27/2016 7:00:00 PM

Valid to:
1/27/2019 6:59:59 PM

Subject:
CN=CompuClever Systems Inc., O=CompuClever Systems Inc., L=Victoria, S=British Columbia, C=CA, SERIALNUMBER=BC0892179, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=British Columbia, OID.1.3.6.1.4.1.311.60.2.1.3=CA

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
1442AC8041B500044344B4CD472AA850

File PE Metadata
Compilation timestamp:
1/27/2016 10:42:49 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:vz4ZXxN5YkiubFBddx7EGwFQl8H2h163cdb+Rtj8x:WXyubFBddxgzS63UitAx

Entry address:
0x3724E

Entry point:
E8, 0B, A5, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, A8, 4C, 46, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, E4, 18, 46, 00, 01, 0F, 82, 02, A6, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83...
 
[+]

Entropy:
6.3964

Code size:
295 KB (302,080 bytes)

The file Ultrafileopener10.exe has been seen being distributed by the following 2 URLs.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to compuclever.com  (50.17.213.191:80)

TCP (HTTP):
Connects to singapore-187.cdn77.com  (203.174.85.187:80)

TCP (HTTP):
Connects to hong-kong-19.cdn77.com  (43.245.63.21:80)

TCP (HTTP):
Connects to atlanta-20.cdn77.com  (185.152.66.25:80)

TCP (HTTP):
Connects to singapore-170.cdn77.com  (203.174.85.172:80)

TCP (HTTP):
Connects to madrid-20.cdn77.com  (185.93.3.29:80)

TCP (HTTP):
Connects to madrid-10.cdn77.com  (185.93.3.13:80)

TCP (HTTP):
Connects to los-angeles-15.cdn77.com  (185.180.13.17:80)

TCP (HTTP):
Connects to london-10.cdn77.com  (185.59.221.11:80)

Remove Ultrafileopener10.exe - Powered by Reason Core Security