outloseupdate.exe

Wei Liu

The application outloseupdate.exe by Wei Liu has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a scheduled task named OutloseUpdateTaskMachineCore under the Windows Task Scheduler, triggered by a time event.
Publisher:
Wei Liu  (signed and verified)

MD5:
d4542ed7aabf3d4d7314e9a48b57b524

SHA-1:
0ecba3f8e4e2434ab3d8b589722091374197f9f7

SHA-256:
dc35486644749fa1a80592d43b926e8e99f87d2c4cc1a2768791f7ceb36ff51c

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 3:02:40 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Elex (M)

Engine version:
16.11.4.19

File size:
553.9 KB (567,168 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\outlose\update\outloseupdate.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
7/14/2016 2:00:00 AM

Valid to:
4/2/2017 1:59:59 AM

Subject:
CN=Wei Liu, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
617143AF6F0ED52E629162A0D5FD76EB

File PE Metadata
Compilation timestamp:
7/14/2016 7:21:46 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
12288:O+b1ALI0jbR31mFE3fSeGA4ecIjMeYsEzYzsWZg97:91ALI0jbR31xcedgs9zrm97

Entry address:
0x49250

Entry point:
98, 03, 75, 00, 00, 99, F0, 8E, 8F, 8F, 8F, 55, A8, B3, 36, 00, FB, 3D, 84, 14, F9, 7D, 00, 00, 00, 00, 29, 2F, 2F, 2E, 2B, FB, 95, 2D, 21, 82, B3, 20, 14, 8F, 45, 00, 00, 00, 00, FD, 34, 54, 7C, 5B, 14, 54, 7C, 23, 26, 27, F9, 58, FB, 98, D1, CC, 21, 38, 00, 43, B5, 20, 8F, 05, 8C, B7, 35, 8C, 8F, 8F, 8F, 8F, FD, 35, 84, 14, D3, 00, 00, 00, 00, 82, B3, 20, 14, 8F, 45, 00, 00, 00, 00, FD, 34, 54, 7C, 5B, 14, 54, 7C, 23, 26, 27, F9, 58, FB, 98, D1, CC, 21, 38, 00, 43, B5, 20, F9, 15, 80, 8F, 05, 8C, B7, 35...
 

Code size:
425.5 KB (435,712 bytes)

Scheduled Task
Task name:
OutloseUpdateTaskMachineCore

Trigger:
Time

