uou.exe

The application uou.exe has been detected as a potentially unwanted program by 6 anti-malware scanners. While running, it connects to the Internet address blob.am5prdstr07a.store.core.windows.net on port 443.
Version:
0.0.0.0

MD5:
b700d8a229919a13f2dcf3d6115b7916

SHA-1:
619bca1565417463c8fbb991400fd5436cecbdea

SHA-256:
6a4781bc94f4689d029d9d9ac1aa47ede9fdfc4b49cf1a3a504f738084612529

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 4:56:39 AM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | Adware.MSIL.Linkury | 4.0.3.151020
ESET NOD32 | MSIL/Toolbar.Linkury.AG potentially unwanted application | 7.0.302.0
IKARUS anti.virus | PUA.MSIL.Toolbar | t3scan.1.9.5.0
Malwarebytes | PUP.Optional.Linkury | v2015.10.20.12
Rising Antivirus | PE:Malware.RDM.32!5.26[F1] | 23.00.65.151018
SUPERAntiSpyware | PUP.Linkury/Variant | 9558

File size:
56.5 KB (57,856 bytes)

Product version:
0.0.0.0

Original file name:
uou.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\temp\rarsfx1\uou.exe

File PE Metadata
Compilation timestamp:
10/18/2015 4:18:49 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:jGidJ3EZY9FADlCvlkGmylymbEl+l1Tso50Kf:jNj3E292Mt+yBEl+Tso50Kf

Entry address:
0xF76E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
54 KB (55,296 bytes)

The executable has been observed making the following network connections in live environments.

TCP (HTTP SSL):
Connects to blob.am5prdstr07a.store.core.windows.net  (13.95.96.184:443)
