AllmyappsUpdater.exe

Allmyapps Updater

ALLMYAPPS

The application AllmyappsUpdater.exe by ALLMYAPPS has been detected as a potentially unwanted program by 2 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler named AllmyappsUpdateTask triggered daily at a specified time. While running, it connects to the Internet address server-54-192-59-197.gru1.r.cloudfront.net on port 443.
Publisher:
ALLMYAPPS  (signed and verified)

Product:
Allmyapps Updater

Version:
2.0.0.24

MD5:
84b9aab23c24cb5c9c3f43165536bdac

SHA-1:
9e83c447d7559e4c01082e35b4b7ca90cc2966d4

SHA-256:
72a72e2b6869bd1dcb2cf6e4f84e3624eb2fe9f9f9d5d2969757f9f03ba6bc18

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 4:50:20 PM UTC  (today)

Scan engine
Detection
Engine version

AVG
Allmyapps
2015.0.3396

Reason Heuristics
PUP.Task.ALLMYAPPS.Q
14.8.1.0

File size:
309.9 KB (317,304 bytes)

Product version:
2.0.0.24

Copyright:
Copyright (C) 2013

Original file name:
AllmyappsUpdater.exe

File type:
Executable application (Win32 EXE)

Language:
French (France)

Common path:
C:\users\{user}\appdata\roaming\allmyapps\allmyappsupdater.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
10/4/2013 9:00:00 AM

Valid to:
10/5/2015 8:59:59 AM

Subject:
CN=ALLMYAPPS, OU=Allmyapps PC App Store, O=ALLMYAPPS, L=BOULOGNE BILLANCOURT, S=Hauts-de-Seine, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6717BD7C4A28450AD28EED495407F479

File PE Metadata
Compilation timestamp:
1/31/2014 2:02:26 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:fKiRb9kVHdDVSjLqqFhJqqDL6CqHRtOMaNq5a4x:f+qFeqn6k14x

Entry address:
0x28E2A

Entry point:
E8, 8A, 06, 00, 00, E9, 63, FD, FF, FF, 6A, 14, 68, A8, 08, 44, 00, E8, D0, 05, 00, 00, FF, 35, 74, 77, 44, 00, 8B, 35, A8, 00, 43, 00, FF, D6, 89, 45, E4, 83, F8, FF, 75, 0C, FF, 75, 08, FF, 15, 98, 01, 43, 00, 59, EB, 64, 6A, 08, E8, F7, 06, 00, 00, 59, 83, 65, FC, 00, FF, 35, 74, 77, 44, 00, FF, D6, 89, 45, E4, FF, 35, 70, 77, 44, 00, FF, D6, 89, 45, E0, 8D, 45, E0, 50, 8D, 45, E4, 50, FF, 75, 08, 8B, 35, A4, 00, 43, 00, FF, D6, 50, E8, BD, 06, 00, 00, 83, C4, 0C, 89, 45, DC, FF, 75, E4, FF, D6, A3, 74...
 
[+]

Entropy:
6.4809

Code size:
185 KB (189,440 bytes)

Scheduled Task
Task name:
AllmyappsUpdateTask

Trigger:
Daily (Runs daily at 9:57 PM)

Action:
allmyappsupdater.exe check startup


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to server-52-85-184-88.fra2.r.cloudfront.net  (52.85.184.88:443)

TCP (HTTP SSL):
Connects to server-54-230-197-25.lhr50.r.cloudfront.net  (54.230.197.25:443)

TCP (HTTP SSL):
Connects to server-54-239-172-62.atl50.r.cloudfront.net  (54.239.172.62:443)

TCP (HTTP SSL):
Connects to server-54-230-73-230.hkg50.r.cloudfront.net  (54.230.73.230:443)

TCP (HTTP SSL):
Connects to server-54-230-230-213.waw50.r.cloudfront.net  (54.230.230.213:443)

TCP (HTTP SSL):
Connects to server-54-230-230-207.waw50.r.cloudfront.net  (54.230.230.207:443)

TCP (HTTP SSL):
Connects to server-54-230-230-16.waw50.r.cloudfront.net  (54.230.230.16:443)

TCP (HTTP SSL):
Connects to server-54-230-230-14.waw50.r.cloudfront.net  (54.230.230.14:443)

TCP (HTTP SSL):
Connects to server-54-230-202-55.fra50.r.cloudfront.net  (54.230.202.55:443)

TCP (HTTP SSL):
Connects to server-54-230-197-27.lhr50.r.cloudfront.net  (54.230.197.27:443)

TCP (HTTP SSL):
Connects to server-54-192-83-168.mia50.r.cloudfront.net  (54.192.83.168:443)

TCP (HTTP SSL):
Connects to server-54-192-59-27.gru1.r.cloudfront.net  (54.192.59.27:443)

TCP (HTTP SSL):
Connects to server-54-192-59-197.gru1.r.cloudfront.net  (54.192.59.197:443)

TCP (HTTP SSL):
Connects to server-54-192-44-196.fra6.r.cloudfront.net  (54.192.44.196:443)

TCP (HTTP SSL):
Connects to server-54-192-229-188.waw50.r.cloudfront.net  (54.192.229.188:443)

TCP (HTTP SSL):
Connects to server-54-192-217-236.mrs50.r.cloudfront.net  (54.192.217.236:443)

TCP (HTTP SSL):
Connects to server-54-192-217-202.mrs50.r.cloudfront.net  (54.192.217.202:443)

TCP (HTTP SSL):
Connects to server-54-192-183-212.icn50.r.cloudfront.net  (54.192.183.212:443)

TCP (HTTP SSL):
Connects to server-54-182-4-4.hkg51.r.cloudfront.net  (54.182.4.4:443)

TCP (HTTP SSL):
Connects to server-54-182-2-203.hkg51.r.cloudfront.net  (54.182.2.203:443)

Remove AllmyappsUpdater.exe - Powered by Reason Core Security