File name: outbyte-driver-updater.exe

Full analysis: https://app.any.run/tasks/528716fc-0217-40da-a09e-957a92c18d2a
Verdict: Malicious activity
Analysis date: July 31, 2024, 20:31:03
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: BFBB46C049E5D57500C3F5CDB1BA7F45
SHA1: C58483FB9FE53E411C03BE9D2D7B73BBE48793E4
SHA256: 351B5948FC7F05D1D6ECF2C46CCC82AD540859D9130BE307E6BF22B41DA1A766
SSDEEP: 196608:i4jYUvwsyR6ggM6T+bnTw4GdzvvuzcxwsOleD:i40Hsya/T+A4qvvuDsOlk

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • outbyte-driver-updater.exe (PID: 6496)
      • Installer.exe (PID: 6788)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • outbyte-driver-updater.exe (PID: 6496)
      • Installer.exe (PID: 6788)
    • Reads security settings of Internet Explorer

      • outbyte-driver-updater.exe (PID: 6496)
      • Installer.exe (PID: 6788)
    • Checks Windows Trust Settings

      • Installer.exe (PID: 6788)
    • Reads the BIOS version

      • Installer.exe (PID: 6788)
    • Reads the Windows owner or organization settings

      • Installer.exe (PID: 6788)
    • There is functionality for communication over UDP network (YARA)

      • Installer.exe (PID: 6788)
  • INFO

    • Create files in a temporary directory

      • outbyte-driver-updater.exe (PID: 6496)
      • Installer.exe (PID: 6788)
    • Process checks computer location settings

      • outbyte-driver-updater.exe (PID: 6496)
      • Installer.exe (PID: 6788)
    • Reads Environment values

      • outbyte-driver-updater.exe (PID: 6496)
      • Installer.exe (PID: 6788)
    • Reads the computer name

      • outbyte-driver-updater.exe (PID: 6496)
      • Installer.exe (PID: 6788)
    • Checks supported languages

      • outbyte-driver-updater.exe (PID: 6496)
      • Installer.exe (PID: 6788)
    • Checks proxy server information

      • outbyte-driver-updater.exe (PID: 6496)
      • Installer.exe (PID: 6788)
    • Reads the machine GUID from the registry

      • Installer.exe (PID: 6788)
    • Reads the software policy settings

      • Installer.exe (PID: 6788)
    • Creates files or folders in the user directory

      • Installer.exe (PID: 6788)
    • Reads Windows Product ID

      • Installer.exe (PID: 6788)
    • Creates files in the program directory

      • Installer.exe (PID: 6788)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 EXE PECompact compressed (generic) (79.7)
.exe | Win32 Executable (generic) (8.6)
.exe | Win16/32 Executable Delphi generic (3.9)
.exe | Generic Win/DOS Executable (3.8)
.exe | DOS Executable Generic (3.8)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:02:15 18:38:03+00:00
ImageFileCharacteristics: Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 143872
InitializedDataSize: 330240
UninitializedDataSize: -
EntryPoint: 0x24530
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 2.3.3.29920
ProductVersionNumber: 2.3.3.29920
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: Driver Updater
CompanyName: Outbyte
FileDescription: Outbyte Driver Updater Installation File
FileVersion: 2.3.3.29920
LegalCopyright: Copyright © 2016-2024 Outbyte Computing Pty Ltd
OriginalFileName: Outbyte-driver-updater-setup.exe
ProductName: Driver Updater
ProductVersion: 2.x
No data.
All screenshots are available in the full report
Total processes: 122
Monitored processes: 3
Malicious processes: 2
Suspicious processes: 0

Behavior graph

Interactive graph available in the full report. Nodes shown: start → outbyte-driver-updater.exe (THREAT) → installer.exe; outbyte-driver-updater.exe (no specs).

Process information

PID: 6432
CMD: "C:\Users\admin\Desktop\outbyte-driver-updater.exe"
Path: C:\Users\admin\Desktop\outbyte-driver-updater.exe
Parent process: explorer.exe
User: admin
Company: Outbyte
Integrity Level: MEDIUM
Description: Outbyte Driver Updater Installation File
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 2.3.3.29920
Modules (images):
  • c:\users\admin\desktop\outbyte-driver-updater.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\syswow64\ntdll.dll

PID: 6496
CMD: "C:\Users\admin\Desktop\outbyte-driver-updater.exe"
Path: C:\Users\admin\Desktop\outbyte-driver-updater.exe
Parent process: explorer.exe
User: admin
Company: Outbyte
Integrity Level: HIGH
Description: Outbyte Driver Updater Installation File
Version: 2.3.3.29920
Modules (images):
  • c:\users\admin\desktop\outbyte-driver-updater.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\syswow64\ntdll.dll
  • c:\windows\system32\wow64.dll
  • c:\windows\system32\wow64win.dll
  • c:\windows\system32\wow64cpu.dll
  • c:\windows\syswow64\kernel32.dll
  • c:\windows\syswow64\kernelbase.dll
  • c:\windows\syswow64\apphelp.dll
  • c:\windows\syswow64\user32.dll

PID: 6788
CMD: "C:\Users\admin\AppData\Local\Temp\is-10362641.tmp\Installer.exe" /spid:6496 /splha:36807488
Path: C:\Users\admin\AppData\Local\Temp\is-10362641.tmp\Installer.exe
Parent process: outbyte-driver-updater.exe
User: admin
Company: Outbyte
Integrity Level: HIGH
Description: Installer
Version: 2.3.3.29920
Modules (images):
  • c:\users\admin\appdata\local\temp\is-10362641.tmp\installer.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\syswow64\ntdll.dll
  • c:\windows\system32\wow64.dll
  • c:\windows\system32\wow64win.dll
  • c:\windows\system32\wow64cpu.dll
  • c:\windows\syswow64\kernel32.dll
  • c:\windows\syswow64\kernelbase.dll
  • c:\windows\syswow64\apphelp.dll
  • c:\windows\syswow64\comdlg32.dll
Total events: 6 090
Read events: 6 064
Write events: 26
Delete events: 0

Modification events

(PID) Process: (6496) outbyte-driver-updater.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Outbyte\Driver Updater\2.x\Settings
Operation: write
Name: General.CustomClientId
Value: 1036007967.855036238427

(PID) Process: (6496) outbyte-driver-updater.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Outbyte\Driver Updater\2.x\Settings
Operation: write
Name: General.URLClientId
Value: 1036007967.855036238427

(PID) Process: (6496) outbyte-driver-updater.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value: (empty string)

(PID) Process: (6496) outbyte-driver-updater.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (6496) outbyte-driver-updater.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (6788) Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6D484312-C2E8-96B5-2103-43B791F33EFF}\Version
Operation: write
Name: Assembly
Value: 79D02920588C76A61540647CF08B0A8B79D02920588C76A61540647CF08B0A8B88AD8CBB5ED3F66B83A8A2CDF194269C890BB34AEBD806E41A50D3BD9C0B4765219909F09E75DEC0927FF4E8152284CD219909F09E75DEC0927FF4E8152284CD59B5414605BAE21E9735786EB516D3F8DE1283C2AFF9BF99D33ED2740C86BBD2F8157495FE950FA4A01046BB55F00DAD0F20AA1B1ADFE602954529934D03147D

(PID) Process: (6788) Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Outbyte\Driver Updater\2.x\Settings
Operation: write
Name: General.TrackingIV.CID
Value: 2746132340.1722457881

(PID) Process: (6788) Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Outbyte\Driver Updater\2.x\Settings
Operation: write
Name: General.TrackingIV.SID
Value: t5X5vansJG

(PID) Process: (6788) Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Outbyte\Driver Updater\2.x\Settings
Operation: write
Name: Application.GAIV.FunnelDate
Value: B3D9085D1B38E640

(PID) Process: (6788) Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Outbyte\Driver Updater\2.x\Settings
Operation: write
Name: General.Language
Value: ENU
Executable files: 17
Suspicious files: 15
Text files: 1
Unknown types: 1

Dropped files

PID | Process | Filename | Type

6496 | outbyte-driver-updater.exe | C:\Users\admin\AppData\Local\Temp\is-10362641.tmp\Lang\enu.lng | binary
MD5: 9455ECD37BE8EE2D3949A4A34EDE2DD0
SHA256: 074673C79FC8606B5A87CB5A52F4A91218831DC53B8E63A3D8E4EDB41357D2DE

6496 | outbyte-driver-updater.exe | C:\Users\admin\AppData\Local\Temp\is-10362641.tmp\Lang\fra.lng | binary
MD5: 13DB89C58F0E6E632F3D036D753EA7FB
SHA256: B64A6A0C7FBEF9FCE62FEBDD227F7BEE7EF344A62116B4DF90AB25FEDE7D22E8

6496 | outbyte-driver-updater.exe | C:\Users\admin\AppData\Local\Temp\is-10362641.tmp\Lang\deu.lng | binary
MD5: A2352B514C8E9C6AAB9BF666336CC3A2
SHA256: 3E972D678566983AD5D78644E400B20121946E110263B1890D525E299F952B1C

6496 | outbyte-driver-updater.exe | C:\Users\admin\AppData\Local\Temp\is-10362641.tmp\Lang\jpn.lng | binary
MD5: 827C25F3AF9E89FA53219AEB1D373FA9
SHA256: 5AA8C0536A41DD65520AFF319BC37C38784BF779147CD860F2B0802C97EAC5CB

6496 | outbyte-driver-updater.exe | C:\Users\admin\AppData\Local\Temp\is-10362641.tmp\Lang\ptb.lng | binary
MD5: 208DAC0479E8E7C4C54D64ADE7B42498
SHA256: AC7677BA57DA17649D8281EAA1385DA4FBFD9BC7FD7FCFFF39A82937149CB98F

6496 | outbyte-driver-updater.exe | C:\Users\admin\AppData\Local\Temp\is-10362641.tmp\Lang\esp.lng | binary
MD5: 5DD75EF12DE58410DD3275591F49113C
SHA256: 7818791650723D977F72E96332B333F7CDA310EE541A16E968205CF40F36709E

6496 | outbyte-driver-updater.exe | C:\Users\admin\AppData\Local\Temp\is-10362641.tmp\Installer.exe | binary
MD5: 2F1908B8473BF08AFF928A95EE9ADF2D
SHA256: A9C97F9BDDE97F6A761CAE877E4D90B9E07253C5FE6E683708423E1CB90A535C

6496 | outbyte-driver-updater.exe | C:\Users\admin\AppData\Local\Temp\is-10362641.tmp\AxComponentsRTL.bpl | executable
MD5: C3A7D193162A47EE3E83DC39ABA8C5F1
SHA256: 78849FB6DD5B547EE9B968CDD1A47DFD6808A34338667979B198742F3F2BE761

6496 | outbyte-driver-updater.exe | C:\Users\admin\AppData\Local\Temp\is-10362641.tmp\vclie250.bpl | executable
MD5: 6539840764CAF2DEA0C749ACFE340203
SHA256: FA03A4E41CD6FF0E0DBB01C45E378E720A47FB156BF49A125BF31F376177D379

6496 | outbyte-driver-updater.exe | C:\Users\admin\AppData\Local\Temp\is-10362641.tmp\OxComponentsRTL.bpl | executable
MD5: EAA639D3B6FE692BEB942C27D7D2724B
SHA256: 654D5C7C5D256CE188B821F598BE9CBCDFE61D6414B6D1FBCB62D1483D8C8AB9
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 7
TCP/UDP connections: 17
DNS requests: 7
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
6788 | Installer.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D | unknown | - | - | whitelisted
6788 | Installer.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D | unknown | - | - | whitelisted
6788 | Installer.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAwfypkv9EfKYa1bFvWpvwk%3D | unknown | - | - | whitelisted
- | - | GET | 200 | 45.33.97.245:443 | https://outbyte.com/tools/userdata/?product=driver-updater | unknown | binary | 13 b | unknown
- | - | GET | 200 | 45.33.97.245:443 | https://outbyte.com/sid/get/t5X5vansJG/ | unknown | binary | 51 b | unknown
- | - | GET | 200 | 45.33.97.245:443 | https://outbyte.com/tools/ipInfo/ | unknown | binary | 136 b | unknown
- | - | POST | 204 | 142.250.185.174:443 | https://www.google-analytics.com/mp/collect?measurement_id=G-SEW4YMR3XJ&api_secret=Bwp8gLa9SqG7iUYK8RMmcg | unknown | - | - | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
3888 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
4664 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
1928 | RUXIMICS.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
2120 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
4664 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
2120 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
6788 | Installer.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
4324 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 40.127.240.158, 4.231.128.59, 51.124.78.146 | whitelisted
google.com | 142.250.186.110 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
outbyte.com | 45.33.97.245 | unknown
www.google-analytics.com | 142.250.185.78 | whitelisted

Threats

No threats detected
No debug info