AllmyappsUpdater.exe

Allmyapps Updater

ALLMYAPPS

The application AllmyappsUpdater.exe by ALLMYAPPS has been detected as a potentially unwanted program by 2 anti-malware scanners. It runs as a scheduled task named AllmyappsUpdateTask under the Windows Task Scheduler, triggered daily at a specified time. While running, it connects to the Internet address server-54-192-59-197.gru1.r.cloudfront.net on port 443.
Publisher:
ALLMYAPPS  (signed and verified)

Product:
Allmyapps Updater

Version:
2.0.0.24

MD5:
84b9aab23c24cb5c9c3f43165536bdac

SHA-1:
9e83c447d7559e4c01082e35b4b7ca90cc2966d4

SHA-256:
72a72e2b6869bd1dcb2cf6e4f84e3624eb2fe9f9f9d5d2969757f9f03ba6bc18

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 3:57:03 PM UTC

Scan engine          Detection               Engine version
AVG                  Allmyapps               2015.0.3396
Reason Heuristics    PUP.Task.ALLMYAPPS.Q    14.8.1.0

File size:
309.9 KB (317,304 bytes)

Product version:
2.0.0.24

Copyright:
Copyright (C) 2013

Original file name:
AllmyappsUpdater.exe

File type:
Executable application (Win32 EXE)

Language:
French (France)

Common path:
C:\users\{user}\appdata\roaming\allmyapps\allmyappsupdater.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
10/4/2013 9:00:00 AM

Valid to:
10/5/2015 8:59:59 AM

Subject:
CN=ALLMYAPPS, OU=Allmyapps PC App Store, O=ALLMYAPPS, L=BOULOGNE BILLANCOURT, S=Hauts-de-Seine, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6717BD7C4A28450AD28EED495407F479

File PE Metadata
Compilation timestamp:
1/31/2014 2:02:26 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:fKiRb9kVHdDVSjLqqFhJqqDL6CqHRtOMaNq5a4x:f+qFeqn6k14x

Entry address:
0x28E2A

Entry point:
E8, 8A, 06, 00, 00, E9, 63, FD, FF, FF, 6A, 14, 68, A8, 08, 44, 00, E8, D0, 05, 00, 00, FF, 35, 74, 77, 44, 00, 8B, 35, A8, 00, 43, 00, FF, D6, 89, 45, E4, 83, F8, FF, 75, 0C, FF, 75, 08, FF, 15, 98, 01, 43, 00, 59, EB, 64, 6A, 08, E8, F7, 06, 00, 00, 59, 83, 65, FC, 00, FF, 35, 74, 77, 44, 00, FF, D6, 89, 45, E4, FF, 35, 70, 77, 44, 00, FF, D6, 89, 45, E0, 8D, 45, E0, 50, 8D, 45, E4, 50, FF, 75, 08, 8B, 35, A4, 00, 43, 00, FF, D6, 50, E8, BD, 06, 00, 00, 83, C4, 0C, 89, 45, DC, FF, 75, E4, FF, D6, A3, 74...

Entropy:
6.4809

Code size:
185 KB (189,440 bytes)

Scheduled Task
Task name:
AllmyappsUpdateTask

Trigger:
Daily (Runs daily at 9:57 PM)

Action:
allmyappsupdater.exe check startup


The executing file has been seen to make the following network communications in live environments.

