outloseupdate.exe

Wei Liu

The application outloseupdate.exe by Wei Liu has been flagged as a potentially unwanted program by 1 of 68 anti-malware scanners (a single heuristic detection, PUP.Elex.WeiLiu, from the Reason Heuristics engine). It runs as a scheduled task under the Windows Task Scheduler named OutloseUpdateTaskMachineCore, triggered by a time event. While running, it connects to Internet addresses including server-52-85-83-244.lax1.r.cloudfront.net on port 443; the full set of connections observed is listed below.
Publisher:
Wei Liu  (signed and verified; the signing certificate's validity period ended 4/2/2017, see Digital Signature below, so a signature that still verifies after that date relies on a countersignature timestamp)

MD5:
d4542ed7aabf3d4d7314e9a48b57b524

SHA-1:
4e1cd133537795f0d269b209b87e2958edffcca8

SHA-256:
dc35486644749fa1a80592d43b926e8e99f87d2c4cc1a2768791f7ceb36ff51c

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 3:07:32 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Elex.WeiLiu (M)

Engine version:
16.7.14.15

File size:
553.9 KB (567,168 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\outlose\update\outloseupdate.exe

Digital Signature
Signed by:
Wei Liu
Authority:
thawte, Inc.

Valid from:
7/14/2016 7:00:00 AM

Valid to:
4/2/2017 6:59:59 AM

Subject:
CN=Wei Liu, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
617143AF6F0ED52E629162A0D5FD76EB

File PE Metadata
Compilation timestamp:
7/14/2016 12:21:46 PM

Minimum OS version (PE header):
5.1 (Windows XP)

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0 (MSVC 2015 toolset)

CTPH (ssdeep):
12288:O+b1ALI0jbR31mFE3fSeGA4ecIjMeYsEzYzsWZg97:91ALI0jbR31xcedgs9zrm97

Entry address:
0x49250

Entry point:
98, 03, 75, 00, 00, 99, F0, 8E, 8F, 8F, 8F, 55, A8, B3, 36, 00, FB, 3D, 84, 14, F9, 7D, 00, 00, 00, 00, 29, 2F, 2F, 2E, 2B, FB, 95, 2D, 21, 82, B3, 20, 14, 8F, 45, 00, 00, 00, 00, FD, 34, 54, 7C, 5B, 14, 54, 7C, 23, 26, 27, F9, 58, FB, 98, D1, CC, 21, 38, 00, 43, B5, 20, 8F, 05, 8C, B7, 35, 8C, 8F, 8F, 8F, 8F, FD, 35, 84, 14, D3, 00, 00, 00, 00, 82, B3, 20, 14, 8F, 45, 00, 00, 00, 00, FD, 34, 54, 7C, 5B, 14, 54, 7C, 23, 26, 27, F9, 58, FB, 98, D1, CC, 21, 38, 00, 43, B5, 20, F9, 15, 80, 8F, 05, 8C, B7, 35...

Entropy:
6.4437

Code size:
425.5 KB (435,712 bytes)

Scheduled Task
Task name:
OutloseUpdateTaskMachineCore

Trigger:
Time


This file has been observed making the following network connections in live environments. Note that 172.26.136.17 and 172.26.136.19 (ip-*.ec2.internal) are RFC 1918 private addresses inside an AWS VPC and most likely belong to the analysis environment rather than to the program's own infrastructure, and that the cloudfront.net and akamaitechnologies.com hosts are shared CDN edges, so these IP addresses on their own are not reliable blocking indicators.

TCP (HTTP):
Connects to 125.235.4.59.adsl.viettel.vn  (125.235.4.59:80)

TCP (HTTP SSL):
Connects to server-54-230-141-10.sfo5.r.cloudfront.net  (54.230.141.10:443)

TCP (HTTP SSL):
Connects to server-54-239-132-12.sfo9.r.cloudfront.net  (54.239.132.12:443)

TCP (HTTP SSL):
Connects to server-52-84-246-229.sfo20.r.cloudfront.net  (52.84.246.229:443)

TCP (HTTP):
Connects to ip-172-26-136-19.ec2.internal  (172.26.136.19:80)

TCP (HTTP SSL):
Connects to server-52-85-83-87.lax1.r.cloudfront.net  (52.85.83.87:443)

TCP (HTTP SSL):
Connects to server-52-84-25-219.sea32.r.cloudfront.net  (52.84.25.219:443)

TCP (HTTP):
Connects to ip-172-26-136-17.ec2.internal  (172.26.136.17:80)

TCP (HTTP):
Connects to a91-245-214-11.deploy.akamaitechnologies.com  (91.245.214.11:80)

TCP (HTTP SSL):
Connects to server-54-230-141-244.sfo5.r.cloudfront.net  (54.230.141.244:443)

TCP (HTTP SSL):
Connects to server-52-85-83-244.lax1.r.cloudfront.net  (52.85.83.244:443)

TCP (HTTP SSL):
Connects to server-52-84-22-11.sea32.r.cloudfront.net  (52.84.22.11:443)
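The following triage script is an added example and is not part of the original listing or of the program's own code. It takes the task name, install path, SHA-256 and certificate serial number from the listing above and checks a Windows host for them: whether the scheduled task exists and what it launches, whether the file on disk matches the listed hash, and whether the Authenticode signature still validates and with which signer serial. The variable names and the report format are this example's own choices.

```powershell
# Added triage script for the outloseupdate.exe listing (example code, not the
# page's or the program's own). Indicators are copied from the listing above;
# variable names and output format are assumptions made for this example.

$TaskName    = 'OutloseUpdateTaskMachineCore'
$KnownPath   = 'C:\Program Files\outlose\update\outloseupdate.exe'
$KnownSha256 = 'dc35486644749fa1a80592d43b926e8e99f87d2c4cc1a2768791f7ceb36ff51c'
$KnownSerial = '617143AF6F0ED52E629162A0D5FD76EB'

$findings = [System.Collections.Generic.List[string]]::new()

# 1. Scheduled task: match on the listed name, then record what it launches.
$task = Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue
if ($task) {
    $findings.Add("Task '$TaskName' present (state: $($task.State))")
    foreach ($action in $task.Actions) {
        if ($action.Execute) {
            $findings.Add("  action: $($action.Execute) $($action.Arguments)")
        }
    }
}

# 2. File on disk: check the listed path plus whatever the task points at,
#    hash it and compare against the listed SHA-256.
$candidates = @($KnownPath)
if ($task) { $candidates += @($task.Actions.Execute | Where-Object { $_ }) }
foreach ($p in ($candidates | Select-Object -Unique)) {
    $path = [Environment]::ExpandEnvironmentVariables($p.Trim('"'))
    if (-not (Test-Path -LiteralPath $path)) { continue }

    $hash  = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    $match = if ($hash -ieq $KnownSha256) { 'MATCHES listing' } else { 'differs from listing (other build?)' }
    $findings.Add("File $path SHA-256 $hash $match")

    # 3. Authenticode: the listed certificate expired on 4/2/2017, so a Valid
    #    status today implies a trusted countersignature timestamp. Compare the
    #    signer's serial number rather than its subject name, since a subject
    #    name such as "Wei Liu" can be reused by anyone.
    $sig    = Get-AuthenticodeSignature -LiteralPath $path
    $serial = if ($sig.SignerCertificate) { $sig.SignerCertificate.SerialNumber } else { '(unsigned)' }
    $sameCert = if ($serial -ieq $KnownSerial) { ' (same certificate as listing)' } else { '' }
    $ts     = if ($sig.TimeStamperCertificate) { $sig.TimeStamperCertificate.Subject } else { 'none' }
    $findings.Add("  signature: $($sig.Status); signer serial $serial$sameCert; timestamp signer: $ts")
}

if ($findings.Count -eq 0) {
    'No indicators for outloseupdate.exe found on this host.'
} else {
    $findings
}
```

Run it from an elevated PowerShell session so Get-ScheduledTask can read machine-level tasks. A hash that differs from the listing does not clear the host: it only means the file is not this exact build, so the task name, path and certificate serial are the more durable indicators to pivot on.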

Powered by Reason Core Security