» oldfreda.exe
Overview
Analysis
File Details
Network (18)

oldfreda.exe

yssoft

The application oldfreda.exe, “LuckyTool Application” by yssoft has been detected as a potentially unwanted program by 7 anti-malware scanners. While running, it connects to the Internet address 14.234.212.118.adsl-pool.jx.chinaunicom.com on port 443.

File name:

oldfreda.exe

Publisher:

luckytool (signed by yssoft)

Product:

luckytool

Description:

LuckyTool Application

Version:

1.0.0.1

MD5:

8da8b15869fdb4322fca20daa86282ad

SHA-1:

0df3c94b5bd9e5347c4eef19c58dd4b5b4690a0d

SHA-256:

23fc3adca05c1d89cdf9d9c5648042ac61dec0830021baa1063ee69fdbf30cc2

Scanner detections:

7 / 68

Status:

Potentially unwanted

Analysis date:

11/22/2024 9:02:46 PM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

PUP/Win32.SubShop

2014.10.08

AVG

Generic

2016.0.3004

Dr.Web

Trojan.Click3.9707

9.0.1.0240

herdProtect (fuzzy)

variant of xupicor.exe (PUP)

2015.8.28.10

McAfee

Artemis!F8B47D180C6B

5600.6660

Reason Heuristics

PUP.yssoft (M)

15.7.26.12

Trend Micro House Call

Suspicious_GEN.F47V1108

7.2.240

File size:

3.6 MB (3,757,048 bytes)

Product version:

1.0.0.1

Original file name:

luckytool

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\roaming\oldfred\oldfreda.exe

Digital Signature

Signed by:

yssoft

Authority:

Thawte, Inc.

Valid from:

4/18/2014 9:00:00 AM

Valid to:

4/18/2016 8:59:59 AM

Subject:

CN=yssoft, O=yssoft, L=Guro-gu, S=Seoul, C=KR

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

7FB2D2278AC1A204482539F930E81A6C

File PE Metadata

Compilation timestamp:

4/21/2015 4:38:36 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

98304:Xu545ZyhKmtQf5lD+N0H8A528B5d7OFLOAkGkzdnEVomFHKnPb:+eU1KS828B5d7OFLOyomFHKnPb

Entry address:

0x1442C8

Entry point:

E8, 0B, CD, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 60, AE, 5B, 00, E8, C2, 19, 00, 00, E8, 93, 66, 00, 00, 0F, B7, F0, 6A, 02, E8, 9E, CC, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, BC, 9D, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

6.7341

Code size:

1.4 MB (1,494,016 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to ec2-54-65-20-150.ap-northeast-1.compute.amazonaws.com (54.65.20.150:80)

TCP (HTTP):

Connects to server-52-84-185-6.icn54.r.cloudfront.net (52.84.185.6:80)

TCP (HTTP):

Connects to mbox01.hanafos.com (211.110.197.21:80)

TCP (HTTP):

Connects to i0-h0-s2021.p59-icn.cdngp.net (61.110.225.124:80)

TCP (HTTP SSL):

Connects to hn.kd.ny.adsl (42.236.125.11:443)

TCP (HTTP):

Connects to ec2-52-87-81-29.compute-1.amazonaws.com (52.87.81.29:80)

TCP (HTTP):

Connects to a23-33-151-247.deploy.static.akamaitechnologies.com (23.33.151.247:80)

TCP (HTTP SSL):

Connects to 14.234.212.118.adsl-pool.jx.chinaunicom.com (118.212.234.14:443)

TCP (HTTP):

Connects to unknown.telstraglobal.net (210.176.156.45:80)

TCP (HTTP):

Connects to server-52-84-189-180.icn54.r.cloudfront.net (52.84.189.180:80)

TCP (HTTP):

Connects to mbox07.hanafos.com (211.110.197.27:80)

TCP (HTTP):

Connects to ec2-52-69-188-121.ap-northeast-1.compute.amazonaws.com (52.69.188.121:80)

TCP (HTTP):

Connects to ec2-52-199-17-109.ap-northeast-1.compute.amazonaws.com (52.199.17.109:80)

TCP (HTTP):

Connects to ec2-52-193-188-15.ap-northeast-1.compute.amazonaws.com (52.193.188.15:80)

TCP (HTTP):

Connects to ec2-52-192-131-248.ap-northeast-1.compute.amazonaws.com (52.192.131.248:80)

TCP (HTTP):

Connects to ec2-34-195-59-39.compute-1.amazonaws.com (34.195.59.39:80)

TCP (HTTP):

Connects to c0.a2.2ca9.ip4.static.sl-reverse.com (169.44.162.192:80)

TCP (HTTP SSL):

Connects to 15.234.212.118.adsl-pool.jx.chinaunicom.com (118.212.234.15:443)

Remove oldfreda.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.