Traffic Exchange Updater.exe

Traffic Exchange

MICROLEAVES LTD

The application Traffic Exchange Updater.exe, “Traffic Exchange Updater Traffic Exchange 2.0.0 © Microleaves, Inc, 2016” by MICROLEAVES, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time. While running, it connects to the Internet address server7.download.online.io on port 80 using the HTTP protocol.
Publisher:
Microleaves  (signed by MICROLEAVES LTD)

Product:
Traffic Exchange

Description:
Traffic Exchange Updater Traffic Exchange 2.0.0 © Microleaves, Inc, 2016

Version:
2.0.0

MD5:
54cba714956848280e7c8d3ec04bc456

SHA-1:
8c3c4656d397c13498c48f7dd849dacb2399ff7a

SHA-256:
22ca5ee415c3105601e3fa9c0763faf1ea38bf78b907ac887512b6c405c81728

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/14/2024 8:37:23 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.OnlineIO (L)

Engine version:
17.1.27.10

File size:
756.8 KB (775,008 bytes)

Product version:
2.0.0

Copyright:
Copyright (C) 2017 Microleaves

Original file name:
Traffic Exchange Updater.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\microleaves\traffic exchange\traffic exchange updater.exe

Digital Signature
Signed by:
MICROLEAVES LTD

Authority:
Symantec Corporation

Valid from:
4/21/2016 2:00:00 AM

Valid to:
4/22/2017 1:59:59 AM

Subject:
CN=MICROLEAVES LTD, O=MICROLEAVES LTD, L=London, S=London, C=GB, SERIALNUMBER=09500488, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
6A1A9CD144D454F7026C806D95533AB9

File PE Metadata
Compilation timestamp:
12/14/2016 12:28:01 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x2F320

Entry point:
E8, C3, 04, 00, 00, E9, 8E, FE, FF, FF, 55, 8B, EC, 6A, FF, 68, DB, 6D, 44, 00, 64, A1, 00, 00, 00, 00, 50, 51, 53, 56, 57, A1, 0C, 80, 45, 00, 33, C5, 50, 8D, 45, F4, 64, A3, 00, 00, 00, 00, 89, 65, F0, FF, 75, 08, 83, 65, FC, 00, E8, 68, FD, FF, FF, 59, EB, 08, B8, 68, F3, 42, 00, C3, 33, C0, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5E, 5B, 8B, E5, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 53, 56, 6A, 17, E8, FC, 2D, 01, 00, 85, C0, 74, 05, 8B, 4D, 08, CD, 29, 33, F6, 8D, 85, DC, FC, FF, FF, 68...

Code size:
280 KB (286,720 bytes)

Scheduled Task
Task name:
Traffic Exchange Updater

Trigger:
Daily (Runs daily at 14:57)


The executing file has been seen to make the following network communications in live environments.

Remove Traffic Exchange Updater.exe - Powered by Reason Core Security