oozes.exe

Oozes

The application oozes.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. It runs as a scheduled task named 23624542 under the Windows Task Scheduler, triggered to execute each time a user logs in.
Publisher:
Oozes

Product:
Oozes

Version:
2.1.5.145

MD5:
62b7f4a78bbdede1b6c5f4b7472d4dec

SHA-1:
a2eaa8a9edd4612d5a16130bcb9e6a33434c5ed2

SHA-256:
4a0cec42ef516b574bbe8dde6c0f76907f03aaf47c2c551718174c85f5badd6b

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 7:56:45 AM UTC

Scan engine | Detection | Engine version
ESET NOD32 | MSIL/Adware.Dotdo.AP application | 6.3.12010.0
Reason Heuristics | Adware.Dotdo.ET (M) | 17.2.11.21

File size:
11 KB (11,264 bytes)

Product version:
2.1.5.145

Copyright:
Copyright © Oozes 2017

Trademarks:
© 2017 Oozes

Original file name:
oozes.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\radiologists\oozes.exe

File PE Metadata
Compilation timestamp:
2/9/2017 10:38:34 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x412E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
4.1253

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
8.5 KB (8,704 bytes)

Scheduled Task
Task name:
23624542

Trigger:
Logon (Runs on logon)

Description:
2362454223624542


The executing file has been seen to make the following network communications in live environments.

