Allmyapps.exe

Allmyapps Desktop

ALLMYAPPS

The application Allmyapps.exe by ALLMYAPPS has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a scheduled task named AllmyappsUpdateTask under the Windows Task Scheduler, triggered daily at a specified time. While running, it connects to the Internet address server-52-85-184-221.fra2.r.cloudfront.net on port 443.
Publisher:
ALLMYAPPS  (signed and verified)

Product:
Allmyapps Desktop

Version:
2.0.0.21

MD5:
713a299d3abc7af9d46644b349f09c64

SHA-1:
7409076e92c9f9a7edbf56333c3f4c4d00557b40

SHA-256:
e747fc481a21fbe0e7575f54567869f0eb1ba36a9b773160b2369ea3d7dd4c96

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/24/2024 7:33:43 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Task.ALLMYAPPS.J

Engine version:
14.8.1.0

File size:
6.4 MB (6,757,752 bytes)

Product version:
2.0.0.21

Copyright:
Copyright (C) 2013

Original file name:
Allmyapps.exe

File type:
Executable application (Win32 EXE)

Language:
French (France)

Common path:
C:\users\{user}\appdata\roaming\allmyapps\allmyapps.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
10/4/2013 9:30:00 AM

Valid to:
10/5/2015 10:29:59 AM

Subject:
CN=ALLMYAPPS, OU=Allmyapps PC App Store, O=ALLMYAPPS, L=BOULOGNE BILLANCOURT, S=Hauts-de-Seine, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6717BD7C4A28450AD28EED495407F479

File PE Metadata
Compilation timestamp:
12/9/2013 11:52:35 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:AwP1c+dnXsSeacr+zV+LsiYGUi5P0KfpM6oy6ac7MELkm+cB/xM1Vgj+HAKXfiP0:AwLdReacG8thm5/8d7vKkC6DRL

Entry address:
0x7FAB2

Entry point:
E8, 73, 05, 00, 00, E9, 1C, FD, FF, FF, FF, 25, E0, 51, 49, 00, FF, 25, E4, 51, 49, 00, FF, 25, A8, 51, 49, 00, FF, 25, A4, 51, 49, 00, FF, 25, A0, 51, 49, 00, FF, 25, 9C, 51, 49, 00, 51, 8D, 4C, 24, 04, 2B, C8, 1B, C0, F7, D0, 23, C8, 8B, C4, 25, 00, F0, FF, FF, 3B, C8, 72, 0A, 8B, C1, 59, 94, 8B, 00, 89, 04, 24, C3, 2D, 00, 10, 00, 00, 85, 00, EB, E9, 8B, FF, 55, 8B, EC, 5D, E9, AF, 05, 00, 00, FF, 25, 98, 51, 49, 00, FF, 25, E8, 51, 49, 00, FF, 25, 94, 51, 49, 00, FF, 25, 90, 51, 49, 00, 8B, FF, 55, 8B...
Entropy:
7.1363

Code size:
592 KB (606,208 bytes)

Scheduled Task
Task name:
AllmyappsUpdateTask

Trigger:
Daily (Runs daily at 9:14 PM)


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to server-52-85-184-221.fra2.r.cloudfront.net  (52.85.184.221:443)

TCP (HTTP):
Connects to ec2-50-17-209-183.compute-1.amazonaws.com  (50.17.209.183:80)

TCP (HTTP SSL):
Connects to api.allmyapps.typhon.net  (78.109.85.103:443)

TCP (HTTP SSL):
Connects to allmyapps.typhon.net  (78.109.85.101:443)

TCP (HTTP):
Connects to 174.127.102.227.static.midphase.com  (174.127.102.227:80)
