uncheckitupdate.exe

Uncheckit Module

EVANGEL TECHNOLOGY (HK) LIMITED

The application uncheckitupdate.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a scheduled task named UncheckitUpdateTaskC under the Windows Task Scheduler, triggered daily at a specified time. This file is typically installed with the program Uncheckit by EVANGEL TECHNOLOGY (HK) LIMITED. While running, it connects to the Internet address server-52-84-33-70.ewr50.r.cloudfront.net on port 80 using the HTTP protocol.

Publisher:
EVANGEL TECHNOLOGY (HK) LIMITED

Product:
Uncheckit Module

Description:
uncheckit update

Version:
2.0.8.25888

MD5:
f35c716f87ada41ebf8f42fc856b0c4e

SHA-1:
842c535efc50660f8afd3144d17b51d556012734

SHA-256:
4565ae22308cbeb33eca18b0bbea309fc8618f739527d728123c2a267729ba5e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 12:38:59 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Evangel.Uncheckit (M)

Engine version:
16.11.11.11

File size:
179 KB (183,296 bytes)

Product version:
2.0.8.25888

Copyright:
Copyright (c) 2011-2016 EVANGEL TECHNOLOGY (HK) LIMITED

Original file name:
Update.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\uncheckit\uncheckitupdate.exe

File PE Metadata
Compilation timestamp:
11/11/2016 4:45:33 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:oAmvish+x0HWQMps2vrosWdYV7kyhVgGWSEhJtDozBN6c:oA4ha00ps2TjGybgG+VozB

Entry address:
0x18860

Entry point:
E8, 9C, 05, 00, 00, E9, 4C, FE, FF, FF, 55, 8B, EC, FF, 15, 88, D0, 41, 00, 6A, 01, A3, 44, 9B, 42, 00, E8, 93, 06, 00, 00, FF, 75, 08, E8, 91, 06, 00, 00, 83, 3D, 44, 9B, 42, 00, 00, 59, 59, 75, 08, 6A, 01, E8, 79, 06, 00, 00, 59, 68, 09, 04, 00, C0, E8, 7A, 06, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 19, 17, 00, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, 28, 99, 42, 00, 89, 0D, 24, 99, 42, 00, 89, 15, 20, 99, 42, 00, 89, 1D, 1C, 99, 42, 00, 89, 35, 18, 99, 42, 00, 89, 3D, 14...
 

Code size:
109.5 KB (112,128 bytes)

Scheduled Task
Task name:
UncheckitUpdateTaskC

Trigger:
Daily (Runs daily at 10:56)

Description:
Uncheckit Update Task


The file uncheckitupdate.exe has been discovered within the following program.

Uncheckit by EVANGEL TECHNOLOGY (HK) LIMITED
About 5% of users remove it
 

The executing file has been seen to make the following network communications in live environments.

