utility belt v3.3.exe

USTechSupport Service Launcher

Outsource Testing, Inc.

The executable utility belt v3.3.exe (“Tech Toolset Launcher”) has been flagged as malware by 19 anti-virus scanners. The file has been observed being downloaded from ostcs.cloudapp.net.
Publisher:
USTechSupport LLC  (signed by Outsource Testing, Inc.)

Product:
USTechSupport Service Launcher

Description:
Tech Toolset Launcher

Version:
1.0.0.1

MD5:
2a8b185e5cbcc72ddff5e9b368a7b656

SHA-1:
31e0fcee10ef25278e3f3a64669c5ea132e20742

SHA-256:
b9093b4f3ba55f71753378f35198859ea4ee74b8777dac922453380ade35c36c

Scanner detections:
19 / 68

Status:
Malware

Analysis date:
11/5/2024 5:55:47 AM UTC

Scan engine           Detection                            Engine version
--------------------  -----------------------------------  --------------
Agnitum Outpost       Trojan.Bublik                        7.1.1
AhnLab V3 Security    Malware/Win32.Generic                2015.09.07
Avira AntiVirus       TR/Agent.1557432                     8.3.2.2
AVG                   Dropper.Generic_r                    2017.0.2868
Baidu Antivirus       Trojan.Win32.Bublik                  4.0.3.16110
Dr.Web                Tool.Skymonk.37                      9.0.1.010
ESET NOD32            Generik.DWYMCYC (variant)            10.12211
Fortinet FortiGate    W32/Bublik.DNEW!tr                   1/10/2016
IKARUS anti.virus     Trojan.Win32.Bublik                  t3scan.1.9.5.0
K7 AntiVirus          Riskware                             13.2017125
McAfee                GenericR-DIC!2A8B185E5CBC            5600.6524
NANO AntiVirus        Trojan.Win32.Bublik.dqaqym           0.30.24.3283
Panda Antivirus       Trj/Genetic.gen                      16.01.10.02
Rising Antivirus      PE:Malware.Generic/QRS!1.9E2D[F1]    23.00.65.16108
Sophos                Mal/Generic-S                        4.98
Trend Micro           TROJ_GEN.R021C0OCT15                 10.465.10
Vba32 AntiVirus       Trojan.Bublik                        3.12.26.4
VIPRE Antivirus       Trojan.Win32.Generic                 43520
Zillya! Antivirus     Trojan.Bublik.Win32.16448            2.0.0.2388

File size:
1.5 MB (1,557,432 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (C) 2015 USTechSupport

Original file name:
Bootstrapper.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/17/2013 4:00:00 PM

Valid to:
11/18/2015 3:59:59 PM

Subject:
CN="Outsource Testing, Inc.", O="Outsource Testing, Inc.", STREET=1278 Center Court Dr, L=Covina, S=California, PostalCode=91724, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
15BA528B29B446F3B8D13A88ED6B2BEA

File PE Metadata
Compilation timestamp:
3/20/2015 12:12:19 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:2k/5bVJHnS2SDILHAetxZGE7GV6h11GqJAyNJ1cfYOioCb13kcl60n02lhMg:f5bOEVAyNJ1cfRCbAe02H

Entry address:
0x3BB52

Entry point:
E8, D9, B9, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 70, 75, 46, 00, E8, 68, 81, 00, 00, E8, F7, 59, 00, 00, 0F, B7, F0, 6A, 02, E8, 6C, B9, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 35, B2, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
4.6581

Code size:
344 KB (352,256 bytes)

The file utility belt v3.3.exe has been observed being distributed from the following URL.

Remove utility belt v3.3.exe - Powered by Reason Core Security