outloseupdate.exe

Wei Liu

The application outloseupdate.exe by Wei Liu has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows Task Scheduler task named OutloseUpdateTaskMachineCore, triggered by a time event.
Publisher:
Wei Liu  (signed and verified)

MD5:
d4542ed7aabf3d4d7314e9a48b57b524

SHA-1:
efafb0bda5cba2f221104f957e6cdcd0fce37ec9

SHA-256:
38e8d6132478c46054229b582bf9e88500d2b1e196efce08d54822251f6f47ec

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 2:36:53 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Elex (M)

Engine version:
16.7.16.19

File size:
553.9 KB (567,168 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\outlose\update\outloseupdate.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
7/13/2016 5:00:00 PM

Valid to:
4/1/2017 4:59:59 PM

Subject:
CN=Wei Liu, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
617143AF6F0ED52E629162A0D5FD76EB

File PE Metadata
Compilation timestamp:
7/13/2016 10:21:46 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
12288:O+b1ALI0jbR31mFV3fSeGA4ecIjMeYsEzYzsWZg97:91ALI0jbR312cedgs9zrm97

Entry address:
0x49250

Entry point:
98, 03, 75, 00, 00, 99, F0, 8E, 8F, 8F, 8F, 55, A8, B3, 36, 00, FB, 3D, 84, 14, F9, 7D, 00, 00, 00, 00, 29, 2F, 2F, 2E, 2B, FB, 95, 2D, 21, 82, B3, 20, 14, 8F, 45, 00, 00, 00, 00, FD, 34, 54, 7C, 5B, 14, 54, 7C, 23, 26, 27, F9, 58, FB, 98, D1, CC, 21, 38, 00, 43, B5, 20, 8F, 05, 8C, B7, 35, 8C, 8F, 8F, 8F, 8F, FD, 35, 84, 14, D3, 00, 00, 00, 00, 82, B3, 20, 14, 8F, 45, 00, 00, 00, 00, FD, 34, 54, 7C, 5B, 14, 54, 7C, 23, 26, 27, F9, 58, FB, 98, D1, CC, 21, 38, 00, 43, B5, 20, F9, 15, 80, 8F, 05, 8C, B7, 35...
 

Entropy:
6.4437

Code size:
425.5 KB (435,712 bytes)

Scheduled Task
Task name:
OutloseUpdateTaskMachineCore

Trigger:
Time

