outlook.exe

Outlook

Downloads Manager Ltd

The application outlook.exe by Downloads Manager has been detected as adware by 4 anti-malware scanners. It uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. While running, it connects to the Internet address bl180.afx.ms on port 443.
Publisher:
Downloads Manager  (signed by Downloads Manager Ltd)

Product:
Outlook

Version:
1.0.0.0

MD5:
728ae7005cbfe32dcf20d4f7a5108d74

SHA-1:
9e01017b26d937233fbe854c7f54fc4343f86bb3

SHA-256:
fe4eb90d69deb40fa9a11abecd67756adae06d4dda33c9433dc4d3ea10d18e95

Scanner detections:
4 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software, which may include extensions such as DealPly and various toolbars.

Analysis date:
12/25/2024 5:04:43 PM UTC

Scan engine          Detection               Engine version
AVG                  Generic                 2016.0.3219
Norman               InstallCore.WQEB        11.20150124
Reason Heuristics    PUP.DownloadsManager    15.1.24.15
VIPRE Antivirus      Threat.4786018          36666

File size:
6.7 MB (7,047,328 bytes)

Product version:
4.6.1.0

Copyright:
2014 downloadape.org

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\outlook\outlook.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
5/16/2014 1:00:00 AM

Valid to:
5/17/2015 12:59:59 AM

Subject:
CN=Downloads Manager Ltd, O=Downloads Manager Ltd, STREET=Level 27 PWC Tower 188 Quay St, L=Auckland City, S=Auckland, PostalCode=1010, C=NZ

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
5E4DA60FFC5160823A52FCFF2AC150A9

File PE Metadata
Compilation timestamp:
3/26/2013 9:28:07 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:+VsTXZf9fMxU39AuOew1a/18Y2TXWJa9J+ToGVqc6rWCawWkoXzWR4mh/XsV3xha:+VkXZfBh9Ab7Y66WWkoD6hKhhn3MR

Entry address:
0x453170

Entry point:
55, 8B, EC, 83, C4, F0, B8, 14, 3E, 84, 00, E8, 70, CD, BB, FF, 6A, 00, 6A, 00, 6A, 00, E8, F1, 06, FF, FF, 8B, 15, 9C, 64, 95, 00, 89, 02, E8, 7C, 80, BB, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.9786

Developed / compiled with:
Microsoft Visual C++

Code size:
4.7 MB (4,904,960 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to msnbot-65-52-108-76.search.msn.com  (65.52.108.76:443)

TCP (HTTP SSL):
Connects to s-prd-req-adcom-scd-blue-b.evip.aol.com  (149.174.66.133:443)

TCP (HTTP SSL):
Connects to oneads-atatwola-adtech-scd-blue-b.evip.aol.com  (152.163.20.131:443)

TCP (HTTP SSL):
Connects to bl180.afx.ms  (65.55.118.92:443)

TCP (HTTP SSL):
Connects to a96-17-8-81.deploy.akamaitechnologies.com  (96.17.8.81:443)

TCP (HTTP SSL):
Connects to a23-195-230-52.deploy.static.akamaitechnologies.com  (23.195.230.52:443)

TCP (HTTP SSL):
Connects to 1.dat-e-baseonline.com  (66.186.15.226:443)

TCP (HTTP SSL):
Connects to s-prd-umpxl-adcom-scd-blue-b.evip.aol.com  (149.174.66.131:443)

TCP (HTTP SSL):
Connects to s-prd-umpxl-adcom-scd-a.evip.aol.com  (152.163.13.4:443)

TCP (HTTP SSL):
Connects to anycast.sc.iasds01.com  (199.166.0.200:443)

TCP (HTTP SSL):
Connects to a69-192-204-26.deploy.akamaitechnologies.com  (69.192.204.26:443)

TCP (HTTP SSL):
Connects to a23-60-73-23.deploy.static.akamaitechnologies.com  (23.60.73.23:443)

TCP (HTTP SSL):
Connects to a23-60-72-51.deploy.static.akamaitechnologies.com  (23.60.72.51:443)

TCP (HTTP SSL):
Connects to a23-60-72-241.deploy.static.akamaitechnologies.com  (23.60.72.241:443)

TCP (HTTP SSL):
Connects to server-52-84-51-104.sea32.r.cloudfront.net  (52.84.51.104:443)

TCP (HTTP SSL):
Connects to server-52-84-24-237.sea32.r.cloudfront.net  (52.84.24.237:443)

TCP (HTTP SSL):
Connects to server-52-84-24-120.sea32.r.cloudfront.net  (52.84.24.120:443)

TCP (HTTP SSL):
Connects to ox-173-241-242-143.xv.dc.openx.org  (173.241.242.143:443)

TCP (HTTP SSL):
Connects to nycp-hlb15.doubleverify.com  (204.154.111.118:443)

TCP (HTTP SSL):
Connects to mpr2.ngd.vip.gq1.yahoo.com  (216.39.55.13:443)

Remove outlook.exe - Powered by Reason Core Security