Allmyapps.exe

Allmyapps Desktop

ALLMYAPPS

The application Allmyapps.exe by ALLMYAPPS has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Allmyapps’.
Publisher:
ALLMYAPPS  (signed and verified)

Product:
Allmyapps Desktop

Version:
2.0.0.24

MD5:
1bdc06d69736939170fc3f61c33c891a

SHA-1:
626b92d9aefe878598274e884cd7fc721fbc85dc

SHA-256:
93e74146ba4eb0b3327613cc65658f6e6fbd836cbf5a74de5349c4f059500220

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/15/2024 8:30:27 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Startup.ALLMYAPPS.J

Engine version:
14.8.1.0

File size:
6.5 MB (6,782,328 bytes)

Product version:
2.0.0.24

Copyright:
Copyright (C) 2013

Original file name:
Allmyapps.exe

File type:
Executable application (Win32 EXE)

Language:
French (France)

Common path:
C:\users\{user}\appdata\roaming\allmyapps\allmyapps.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
10/4/2013 9:00:00 AM

Valid to:
10/5/2015 8:59:59 AM

Subject:
CN=ALLMYAPPS, OU=Allmyapps PC App Store, O=ALLMYAPPS, L=BOULOGNE BILLANCOURT, S=Hauts-de-Seine, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6717BD7C4A28450AD28EED495407F479

File PE Metadata
Compilation timestamp:
1/31/2014 2:02:21 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:sP7gqCGo5cr+MV+LsiYGUi5P0KfpM6oy6ac7MELkm+cB/xM1Vgj+HzKXfiPEWIZW:sPXo5cD6thm5/8d7vKkC6DOl8

Entry address:
0x83662

Entry point:
E8, 73, 05, 00, 00, E9, 1C, FD, FF, FF, FF, 25, B0, A1, 49, 00, FF, 25, AC, A1, 49, 00, FF, 25, A8, A1, 49, 00, FF, 25, A4, A1, 49, 00, FF, 25, 98, A1, 49, 00, FF, 25, 94, A1, 49, 00, 51, 8D, 4C, 24, 04, 2B, C8, 1B, C0, F7, D0, 23, C8, 8B, C4, 25, 00, F0, FF, FF, 3B, C8, 72, 0A, 8B, C1, 59, 94, 8B, 00, 89, 04, 24, C3, 2D, 00, 10, 00, 00, 85, 00, EB, E9, 8B, FF, 55, 8B, EC, 5D, E9, AF, 05, 00, 00, FF, 25, C0, A1, 49, 00, FF, 25, E8, A1, 49, 00, FF, 25, A0, A1, 49, 00, FF, 25, 9C, A1, 49, 00, 8B, FF, 55, 8B...

Entropy:
7.1384

Code size:
609 KB (623,616 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Allmyapps

Command:
"C:\users\{user}\appdata\roaming\allmyapps\allmyapps.exe" startup


The executing file has been seen to make the following network communications in live environments.

