oldfreda.exe

yssoft

The application oldfreda.exe, “LuckyTool Application” by yssoft has been detected as a potentially unwanted program by 7 anti-malware scanners. While running, it connects to the Internet address 14.234.212.118.adsl-pool.jx.chinaunicom.com on port 443.
Publisher:
luckytool  (signed by yssoft)

Product:
luckytool

Description:
LuckyTool Application

Version:
1.0.0.1

MD5:
8da8b15869fdb4322fca20daa86282ad

SHA-1:
0df3c94b5bd9e5347c4eef19c58dd4b5b4690a0d

SHA-256:
23fc3adca05c1d89cdf9d9c5648042ac61dec0830021baa1063ee69fdbf30cc2

Scanner detections:
7 / 68

Status:
Potentially unwanted

Analysis date:
11/6/2024 2:04:40 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.SubShop
2014.10.08

AVG
Generic
2016.0.3004

Dr.Web
Trojan.Click3.9707
9.0.1.0240

herdProtect (fuzzy)
2015.8.28.10

McAfee
Artemis!F8B47D180C6B
5600.6660

Reason Heuristics
PUP.yssoft (M)
15.7.26.12

Trend Micro House Call
Suspicious_GEN.F47V1108
7.2.240

File size:
3.6 MB (3,757,048 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (C) 2014 luckytool

Original file name:
luckytool

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\oldfred\oldfreda.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
4/18/2014 9:00:00 AM

Valid to:
4/18/2016 8:59:59 AM

Subject:
CN=yssoft, O=yssoft, L=Guro-gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7FB2D2278AC1A204482539F930E81A6C

File PE Metadata
Compilation timestamp:
4/21/2015 4:38:36 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
98304:Xu545ZyhKmtQf5lD+N0H8A528B5d7OFLOAkGkzdnEVomFHKnPb:+eU1KS828B5d7OFLOyomFHKnPb

Entry address:
0x1442C8

Entry point:
E8, 0B, CD, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 60, AE, 5B, 00, E8, C2, 19, 00, 00, E8, 93, 66, 00, 00, 0F, B7, F0, 6A, 02, E8, 9E, CC, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, BC, 9D, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
6.7341

Code size:
1.4 MB (1,494,016 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

TCP (HTTP):
Connects to server-52-84-185-6.icn54.r.cloudfront.net  (52.84.185.6:80)

TCP (HTTP):
Connects to mbox01.hanafos.com  (211.110.197.21:80)

TCP (HTTP):
Connects to i0-h0-s2021.p59-icn.cdngp.net  (61.110.225.124:80)

TCP (HTTP SSL):
Connects to hn.kd.ny.adsl  (42.236.125.11:443)

TCP (HTTP):
Connects to ec2-52-87-81-29.compute-1.amazonaws.com  (52.87.81.29:80)

TCP (HTTP):
Connects to a23-33-151-247.deploy.static.akamaitechnologies.com  (23.33.151.247:80)

TCP (HTTP SSL):
Connects to 14.234.212.118.adsl-pool.jx.chinaunicom.com  (118.212.234.14:443)

TCP (HTTP):
Connects to unknown.telstraglobal.net  (210.176.156.45:80)

TCP (HTTP):
Connects to server-52-84-189-180.icn54.r.cloudfront.net  (52.84.189.180:80)

TCP (HTTP):
Connects to mbox07.hanafos.com  (211.110.197.27:80)

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):
Connects to ec2-34-195-59-39.compute-1.amazonaws.com  (34.195.59.39:80)

TCP (HTTP):
Connects to c0.a2.2ca9.ip4.static.sl-reverse.com  (169.44.162.192:80)

TCP (HTTP SSL):
Connects to 15.234.212.118.adsl-pool.jx.chinaunicom.com  (118.212.234.15:443)

Remove oldfreda.exe - Powered by Reason Core Security