allold.exe

Allold

Shanghai Yuntong Technology Co., Ltd.

The application allold.exe by Shanghai Yuntong Technology Co. has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows service in its own process, named “Protect Service(AlloldP)”.
Publisher:
Shanghai Yuntong Technology Co., Ltd.  (signed and verified)

Product:
Allold

Version:
1.0.0.1

MD5:
ecc6b50ddb628ab78809217df8570017

SHA-1:
5d9a17e165b4133f78fa52567ccc1594713d0a2c

SHA-256:
11a3c2a89d0043a0d52f0c981a146b8ac0021625367c2cc9b6ed927f3398d16f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 12:47:52 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Elex (M)

Engine version:
16.6.26.12

File size:
416.9 KB (426,888 bytes)

Product version:
51.16.2704.63

Copyright:
Copyright (C) 2016 Allold Authors

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\allold\allold.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
6/1/2016 2:00:00 AM

Valid to:
2/25/2017 12:59:59 AM

Subject:
CN="Shanghai Yuntong Technology Co., Ltd.", O="Shanghai Yuntong Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
089B3119C4FAB31D5BFDE2D2D5785A16

File PE Metadata
Compilation timestamp:
6/16/2016 11:08:39 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
6144:sF1VAA/I2FUQnbeAdYaddlDAPy0VdR420LMmPUKOKo1wR6t:4I2mQj+MDcdlpLt

Entry address:
0x2E081

Entry point:
A7, CE, 79, 00, 00, A6, CF, B2, 81, A8, BF, 6A, 0B, AF, 3A, 00, CB, 02, BB, 28, F7, 5A, 00, 00, 00, 00, 27, 08, 1F, 11, 14, C7, 9B, 0A, 11, BD, 8C, 1C, 1A, A8, 75, 00, 00, 00, 00, DA, 04, 6B, 43, 67, 1A, 73, 4C, 1C, 19, 1B, F7, 7F, CB, A7, EE, F0, 5F, 11, 00, 7C, 8A, 1C, 81, 22, BC, 88, 0A, B0, 81, A8, BF, B0, C2, 09, 8A, 33, E3, 00, 00, 00, 00, A5, 83, 1F, 2B, B3, 4B, 00, 00, 00, 00, C1, 3A, 73, 4C, 64, 2B, 68, 72, 04, 16, 18, C6, 64, F5, BF, E1, F3, 6E, 0A, 00, 64, 85, 1F, C6, 29, 8E, A8, 35, B3, 88, 09...
Code size:
308 KB (315,392 bytes)

Service
Display name:
Protect Service(AlloldP)

Service name:
AlloldP

Description:
To ensure your Allold software integrity. If this service is disabled or stopped, your Allold software will not be kept integrity check. This service uninstalls itself when there is no Allold software

Type:
Win32OwnProcess

Depends on:
RpcSs
