daeied.exe

Glary Utilities

Glarysoft Ltd

The application daeied.exe, “Glary Utilities AutoUpdate” has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time. While running, it connects to the Internet address server-52-84-126-41.iad16.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Glarysoft Ltd

Product:
Glary Utilities

Description:
Glary Utilities AutoUpdate

Version:
5, 0, 0, 8

MD5:
532201626903ee199199ec02f9158e83

SHA-1:
d8754167ff9bc7dc156362b3169afccef8095b45

SHA-256:
46862f8a2e7687251eebc50c5aef41db055a97cd6531686bcdc30b7d7e325f86

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/28/2024 4:06:20 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.GlarySoft.AU
17.2.23.17

File size:
1002.9 KB (1,026,920 bytes)

Product version:
5.0.0.1

Copyright:
Copyright (c) 2003-2014 Glarysoft Ltd

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, China)

Common path:
C:\Program Files\jzachsuiry\daeied.exe

File PE Metadata
Compilation timestamp:
5/15/2014 7:42:36 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x347DD

Entry point:
E8, BB, 5D, 00, 00, E9, 79, FE, FF, FF, 3B, 0D, 40, 66, 46, 00, 75, 02, F3, C3, E9, 3D, 5E, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 57, 33, FF, 3B, F7, 75, 04, 33, C0, EB, 65, 39, 7D, 08, 75, 1B, E8, 14, 1F, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 65, 08, 00, 00, 83, C4, 14, 8B, C6, EB, 45, 39, 7D, 10, 74, 16, 39, 75, 0C, 72, 11, 56, FF, 75, 10, FF, 75, 08, E8, 00, 5F, 00, 00, 83, C4, 0C, EB, C1, FF, 75, 0C, 57, FF, 75, 08, E8, 9F, 24, 00, 00, 83, C4, 0C, 39, 7D, 10, 74, B6, 39, 75, 0C, 73...
 
[+]

Entropy:
7.4489

Code size:
323 KB (330,752 bytes)

Scheduled Task
Task name:
Cuputyperwoent Host

Trigger:
Daily (Runs daily at 21:00)

Description:
The Host is used by Cuputyperwoent.


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-52-85-77-211.lax3.r.cloudfront.net  (52.85.77.211:80)

TCP (HTTP):
Connects to server-54-240-186-237.mad50.r.cloudfront.net  (54.240.186.237:80)

TCP (HTTP):
Connects to server-54-240-186-110.mad50.r.cloudfront.net  (54.240.186.110:80)

TCP (HTTP):
Connects to server-52-84-87-208.yul62.r.cloudfront.net  (52.84.87.208:80)

TCP (HTTP):
Connects to server-52-84-87-185.yul62.r.cloudfront.net  (52.84.87.185:80)

TCP (HTTP):
Connects to server-52-85-77-88.lax3.r.cloudfront.net  (52.85.77.88:80)

TCP (HTTP):
Connects to server-54-192-36-235.jfk1.r.cloudfront.net  (54.192.36.235:80)

TCP (HTTP):
Connects to server-54-192-36-202.jfk1.r.cloudfront.net  (54.192.36.202:80)

TCP (HTTP):
Connects to server-54-192-36-192.jfk1.r.cloudfront.net  (54.192.36.192:80)

TCP (HTTP):
Connects to server-54-192-36-173.jfk1.r.cloudfront.net  (54.192.36.173:80)

TCP (HTTP):
Connects to server-54-240-186-148.mad50.r.cloudfront.net  (54.240.186.148:80)

TCP (HTTP):
Connects to server-54-230-216-88.mrs50.r.cloudfront.net  (54.230.216.88:80)

TCP (HTTP):
Connects to server-54-230-216-171.mrs50.r.cloudfront.net  (54.230.216.171:80)

TCP (HTTP):
Connects to server-54-230-206-200.atl50.r.cloudfront.net  (54.230.206.200:80)

TCP (HTTP):
Connects to server-54-230-187-18.cdg51.r.cloudfront.net  (54.230.187.18:80)

TCP (HTTP):
Connects to server-54-192-36-40.jfk1.r.cloudfront.net  (54.192.36.40:80)

TCP (HTTP):
Connects to server-54-192-36-114.jfk1.r.cloudfront.net  (54.192.36.114:80)

TCP (HTTP):
Connects to server-54-192-3-33.lhr5.r.cloudfront.net  (54.192.3.33:80)

TCP (HTTP):
Connects to server-54-192-29-150.dub2.r.cloudfront.net  (54.192.29.150:80)

TCP (HTTP):
Connects to server-54-192-25-254.mxp4.r.cloudfront.net  (54.192.25.254:80)

Remove daeied.exe - Powered by Reason Core Security