File name: outbyte-driver-updater.exe
Full analysis: https://app.any.run/tasks/d6b6a801-29cc-4dc0-b2c3-fcc2602566d9
Verdict: Malicious activity
Analysis date: August 01, 2024, 17:56:22
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: BFBB46C049E5D57500C3F5CDB1BA7F45
SHA1: C58483FB9FE53E411C03BE9D2D7B73BBE48793E4
SHA256: 351B5948FC7F05D1D6ECF2C46CCC82AD540859D9130BE307E6BF22B41DA1A766
SSDEEP: 196608:i4jYUvwsyR6ggM6T+bnTw4GdzvvuzcxwsOleD:i40Hsya/T+A4qvvuDsOlk

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • outbyte-driver-updater.exe (PID: 6964)
      • Installer.exe (PID: 7016)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • outbyte-driver-updater.exe (PID: 6964)
      • Installer.exe (PID: 7016)
    • Reads security settings of Internet Explorer

      • outbyte-driver-updater.exe (PID: 6964)
      • Installer.exe (PID: 7016)
    • Checks Windows Trust Settings

      • Installer.exe (PID: 7016)
    • Reads the BIOS version

      • Installer.exe (PID: 7016)
    • Reads the Windows owner or organization settings

      • Installer.exe (PID: 7016)
    • There is functionality for communication over UDP network (YARA)

      • Installer.exe (PID: 7016)
  • INFO

    • Reads Environment values

      • outbyte-driver-updater.exe (PID: 6964)
      • Installer.exe (PID: 7016)
    • Checks supported languages

      • outbyte-driver-updater.exe (PID: 6964)
      • Installer.exe (PID: 7016)
    • Create files in a temporary directory

      • outbyte-driver-updater.exe (PID: 6964)
      • Installer.exe (PID: 7016)
    • Checks proxy server information

      • outbyte-driver-updater.exe (PID: 6964)
      • Installer.exe (PID: 7016)
    • Reads the computer name

      • outbyte-driver-updater.exe (PID: 6964)
      • Installer.exe (PID: 7016)
    • Process checks computer location settings

      • outbyte-driver-updater.exe (PID: 6964)
      • Installer.exe (PID: 7016)
    • Reads the machine GUID from the registry

      • Installer.exe (PID: 7016)
    • Creates files or folders in the user directory

      • Installer.exe (PID: 7016)
    • Reads Windows Product ID

      • Installer.exe (PID: 7016)
    • Reads the software policy settings

      • Installer.exe (PID: 7016)
    • Creates files in the program directory

      • Installer.exe (PID: 7016)
No Malware configuration.

TRiD

.exe | Win32 EXE PECompact compressed (generic) (79.7)
.exe | Win32 Executable (generic) (8.6)
.exe | Win16/32 Executable Delphi generic (3.9)
.exe | Generic Win/DOS Executable (3.8)
.exe | DOS Executable Generic (3.8)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:02:15 18:38:03+00:00
ImageFileCharacteristics: Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 143872
InitializedDataSize: 330240
UninitializedDataSize: -
EntryPoint: 0x24530
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 2.3.3.29920
ProductVersionNumber: 2.3.3.29920
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: Driver Updater
CompanyName: Outbyte
FileDescription: Outbyte Driver Updater Installation File
FileVersion: 2.3.3.29920
LegalCopyright: Copyright © 2016-2024 Outbyte Computing Pty Ltd
OriginalFileName: Outbyte-driver-updater-setup.exe
ProductName: Driver Updater
ProductVersion: 2.x
Total processes: 113
Monitored processes: 3
Malicious processes: 2
Suspicious processes: 0

Behavior graph (interactive in the full report)

outbyte-driver-updater.exe [THREAT] -> installer.exe; a second outbyte-driver-updater.exe node carries no indicators.

Process information

PID 6840
  CMD: "C:\Users\admin\Desktop\outbyte-driver-updater.exe"
  Path: C:\Users\admin\Desktop\outbyte-driver-updater.exe
  Parent process: explorer.exe
  User: admin
  Company: Outbyte
  Integrity Level: MEDIUM
  Description: Outbyte Driver Updater Installation File
  Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: the medium-integrity instance exited because the installer requires elevation; PID 6964 below is the same image relaunched at HIGH integrity)
  Version: 2.3.3.29920
  Modules (images loaded; only ntdll, consistent with exiting before initialization):
    c:\users\admin\desktop\outbyte-driver-updater.exe
    c:\windows\system32\ntdll.dll
    c:\windows\syswow64\ntdll.dll

PID 6964
  CMD: "C:\Users\admin\Desktop\outbyte-driver-updater.exe"
  Path: C:\Users\admin\Desktop\outbyte-driver-updater.exe
  Parent process: explorer.exe
  User: admin
  Company: Outbyte
  Integrity Level: HIGH
  Description: Outbyte Driver Updater Installation File
  Version: 2.3.3.29920
  Modules (images loaded; 32-bit process under WOW64, matching the PE32 header):
    c:\users\admin\desktop\outbyte-driver-updater.exe
    c:\windows\system32\ntdll.dll
    c:\windows\syswow64\ntdll.dll
    c:\windows\system32\wow64.dll
    c:\windows\system32\wow64win.dll
    c:\windows\system32\wow64cpu.dll
    c:\windows\syswow64\kernel32.dll
    c:\windows\syswow64\kernelbase.dll
    c:\windows\syswow64\apphelp.dll
    c:\windows\syswow64\user32.dll

PID 7016
  CMD: "C:\Users\admin\AppData\Local\Temp\is-10536292.tmp\Installer.exe" /spid:6964 /splha:37724992
  Path: C:\Users\admin\AppData\Local\Temp\is-10536292.tmp\Installer.exe
  Parent process: outbyte-driver-updater.exe (PID 6964, which is also the value passed in /spid:)
  User: admin
  Company: Outbyte
  Integrity Level: HIGH
  Description: Installer
  Version: 2.3.3.29920
  Modules (images loaded):
    c:\users\admin\appdata\local\temp\is-10536292.tmp\installer.exe
    c:\windows\system32\ntdll.dll
    c:\windows\syswow64\ntdll.dll
    c:\windows\system32\wow64.dll
    c:\windows\system32\wow64win.dll
    c:\windows\system32\wow64cpu.dll
    c:\windows\syswow64\kernel32.dll
    c:\windows\syswow64\kernelbase.dll
    c:\windows\syswow64\apphelp.dll
    c:\windows\syswow64\comdlg32.dll
Total events: 6 100
Read events: 6 072
Write events: 28
Delete events: 0

Modification events

(PID) Process: (6964) outbyte-driver-updater.exe
  Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Outbyte\Driver Updater\2.x\Settings
  Operation: write
  Name: General.CustomClientId
  Value: 1036007967.747669571756

(PID) Process: (6964) outbyte-driver-updater.exe
  Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Outbyte\Driver Updater\2.x\Settings
  Operation: write
  Name: General.URLClientId
  Value: 1036007967.747669571756

(PID) Process: (6964) outbyte-driver-updater.exe
  Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
  Operation: write
  Name: CachePrefix
  Value: (empty)

(PID) Process: (6964) outbyte-driver-updater.exe
  Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
  Operation: write
  Name: CachePrefix
  Value: Cookie:

(PID) Process: (6964) outbyte-driver-updater.exe
  Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
  Operation: write
  Name: CachePrefix
  Value: Visited:

(PID) Process: (7016) Installer.exe
  Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6D484312-C2E8-96B5-2103-43B791F33EFF}\Version
  Operation: write
  Name: Assembly
  Value: 365150B8C94A9C73944DEC32E81218BB365150B8C94A9C73944DEC32E81218BB88AD8CBB5ED3F66B83A8A2CDF194269C890BB34AEBD806E41A50D3BD9C0B4765219909F09E75DEC0927FF4E8152284CD219909F09E75DEC0927FF4E8152284CD59B5414605BAE21E9735786EB516D3F8DE1283C2AFF9BF99D33ED2740C86BBD2F8157495FE950FA4A01046BB55F00DAD0F20AA1B1ADFE602954529934D03147D

(PID) Process: (7016) Installer.exe
  Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Outbyte\Driver Updater\2.x\Settings
  Operation: write
  Name: General.TrackingIV.CID
  Value: 3074059418.1722535003

(PID) Process: (7016) Installer.exe
  Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Outbyte\Driver Updater\2.x\Settings
  Operation: write
  Name: General.TrackingIV.SID
  Value: SFLT0ldv9m

(PID) Process: (7016) Installer.exe
  Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Outbyte\Driver Updater\2.x\Settings
  Operation: write
  Name: Application.GAIV.FunnelDate
  Value: BFD66AED3738E640

(PID) Process: (7016) Installer.exe
  Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Outbyte\Driver Updater\2.x\Settings
  Operation: write
  Name: General.Language
  Value: ENU
Executable files: 16
Suspicious files: 14
Text files: 2
Unknown types: 2

Dropped files (10 of the dropped files are shown in this summary)

PID | Process | Filename | Type | MD5 | SHA256
6964 | outbyte-driver-updater.exe | C:\Users\admin\AppData\Local\Temp\is-10536292.tmp\Lang\fra.lng | binary | 13DB89C58F0E6E632F3D036D753EA7FB | B64A6A0C7FBEF9FCE62FEBDD227F7BEE7EF344A62116B4DF90AB25FEDE7D22E8
6964 | outbyte-driver-updater.exe | C:\Users\admin\AppData\Local\Temp\is-10536292.tmp\SetupHelper.dll | executable | 7A29A34755754B7541AFCD5BF1801341 | 139470E7E2FFE39DAF8BB722CFEE05BEA1E7CECF6FD6CCFF31431A897DE9D1C1
6964 | outbyte-driver-updater.exe | C:\Users\admin\AppData\Local\Temp\is-10536292.tmp\Lang\ptb.lng | binary | 208DAC0479E8E7C4C54D64ADE7B42498 | AC7677BA57DA17649D8281EAA1385DA4FBFD9BC7FD7FCFFF39A82937149CB98F
6964 | outbyte-driver-updater.exe | C:\Users\admin\AppData\Local\Temp\is-10536292.tmp\Lang\jpn.lng | binary | 827C25F3AF9E89FA53219AEB1D373FA9 | 5AA8C0536A41DD65520AFF319BC37C38784BF779147CD860F2B0802C97EAC5CB
6964 | outbyte-driver-updater.exe | C:\Users\admin\AppData\Local\Temp\is-10536292.tmp\Lang\deu.lng | binary | A2352B514C8E9C6AAB9BF666336CC3A2 | 3E972D678566983AD5D78644E400B20121946E110263B1890D525E299F952B1C
6964 | outbyte-driver-updater.exe | C:\Users\admin\AppData\Local\Temp\is-10536292.tmp\Lang\esp.lng | binary | 5DD75EF12DE58410DD3275591F49113C | 7818791650723D977F72E96332B333F7CDA310EE541A16E968205CF40F36709E
6964 | outbyte-driver-updater.exe | C:\Users\admin\AppData\Local\Temp\is-10536292.tmp\AxComponentsRTL.bpl | executable | C3A7D193162A47EE3E83DC39ABA8C5F1 | 78849FB6DD5B547EE9B968CDD1A47DFD6808A34338667979B198742F3F2BE761
6964 | outbyte-driver-updater.exe | C:\Users\admin\AppData\Local\Temp\is-10536292.tmp\Lang\ita.lng | binary | 152C0C480E5D2FF5EC5EF0BE40284184 | A3A490B68F5699350EBF90DA5C5E5EC01C7940EE4CA8A4E9D39150E579A19C7C
6964 | outbyte-driver-updater.exe | C:\Users\admin\AppData\Local\Temp\is-10536292.tmp\rtl250.bpl | executable | 481B636BD54E231810C7D2C045D70168 | 4722EF802CE0F9971EE37D56CB821800C11048C4BF72D81B6702CA7690AB531B
6964 | outbyte-driver-updater.exe | C:\Users\admin\AppData\Local\Temp\is-10536292.tmp\vcl250.bpl | executable | 841026051B1D109DF5808266CA610C6E | 2DBAA8B91E2E9FBB1E9A9AFAFA192386C30C2CBC87DA9AF77A763E11122A1E17

Note: rtl250.bpl and vcl250.bpl are Delphi runtime packages and the .lng files are installer language resources, consistent with the TRiD (Delphi, PECompact-compressed) and linker identification above. The "executable content dropped" indicators are the installer unpacking its own components into the is-10536292.tmp directory, so the dropped-file hashes should be checked against the vendor's package rather than treated as payloads on their own.
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 7
TCP/UDP connections: 17
DNS requests: 6
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
7016 | Installer.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D | unknown | - | - | whitelisted
7016 | Installer.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D | unknown | - | - | whitelisted
7016 | Installer.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAwfypkv9EfKYa1bFvWpvwk%3D | unknown | - | - | whitelisted
(not recorded) | (not recorded) | POST | 204 | 142.250.185.174:443 | https://www.google-analytics.com/mp/collect?measurement_id=G-SEW4YMR3XJ&api_secret=Bwp8gLa9SqG7iUYK8RMmcg | unknown | - | - | unknown
(not recorded) | (not recorded) | GET | 200 | 45.33.97.245:443 | https://outbyte.com/tools/ipInfo/ | unknown | binary | 115 b | unknown
(not recorded) | (not recorded) | GET | 200 | 45.33.97.245:443 | https://outbyte.com/sid/get/SFLT0ldv9m/ | unknown | binary | 51 b | unknown
(not recorded) | (not recorded) | GET | 200 | 45.33.97.245:443 | https://outbyte.com/tools/userdata/?product=driver-updater | unknown | binary | 13 b | unknown

Notes on the requests: the three ocsp.digicert.com requests are RFC 6960 OCSP GET requests (the URL path is the base64-encoded DER OCSPRequest), consistent with the "Checks Windows Trust Settings" indicator: Installer.exe checked the revocation status of a DigiCert-issued certificate chain. The www.google-analytics.com request is a GA4 Measurement Protocol hit; the api_secret travels in the query string, so it is embedded in the installer itself. The session id SFLT0ldv9m in /sid/get/SFLT0ldv9m/ is the same value Installer.exe wrote to General.TrackingIV.SID in the registry, which ties the outbyte.com traffic to the registry modifications above.
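To confirm what the ocsp.digicert.com requests actually checked, the OCSPRequest in each URL can be decoded offline. The following is an added example for this report, not ANY.RUN or Outbyte code; it uses only the Python standard library and a minimal DER walker that handles just the structures an OCSP GET request carries (RFC 6960). The three URLs are copied verbatim from the table above; the function names and the HASH_OIDS table are this example's own.

```python
"""Decode the OCSP GET requests that Installer.exe sent to ocsp.digicert.com.

Added example for this report (not part of the ANY.RUN output). An RFC 6960
GET request carries the DER-encoded OCSPRequest, base64- and URL-encoded, in
the URL path; decoding it yields the issuer hashes and serial number of the
certificate whose revocation status was queried.
"""
import base64
import urllib.parse

# The three URLs from the HTTP requests table of this report.
OCSP_URLS = [
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D",
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D",
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAwfypkv9EfKYa1bFvWpvwk%3D",
]

# Hash algorithm OIDs seen in CertID.hashAlgorithm (table local to this example).
HASH_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}


def _read_tlv(buf, pos):
    """Read one DER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: 0x8n followed by n length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(value):
    """Decode the body of a DER OBJECT IDENTIFIER into dotted form."""
    arcs = [value[0] // 40, value[0] % 40]
    cur = 0
    for b in value[1:]:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(cur)
            cur = 0
    return ".".join(str(a) for a in arcs)


def parse_ocsp_get_url(url):
    """Return one dict per CertID in the OCSPRequest carried by an OCSP GET URL."""
    path = urllib.parse.urlsplit(url).path.lstrip("/")
    der = base64.b64decode(urllib.parse.unquote(path))

    tag, ocsp_request, _ = _read_tlv(der, 0)  # OCSPRequest ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not an OCSPRequest")
    _, tbs, _ = _read_tlv(ocsp_request, 0)  # tbsRequest TBSRequest

    # TBSRequest: optional [0] version and [1] requestorName precede requestList.
    pos, request_list = 0, None
    while pos < len(tbs):
        tag, val, pos = _read_tlv(tbs, pos)
        if tag == 0x30:
            request_list = val
            break
    if request_list is None:
        raise ValueError("requestList missing")

    results, pos = [], 0
    while pos < len(request_list):
        _, request, pos = _read_tlv(request_list, pos)  # Request ::= SEQUENCE
        _, cert_id, _ = _read_tlv(request, 0)  # reqCert CertID
        # CertID ::= SEQUENCE { hashAlgorithm, issuerNameHash, issuerKeyHash, serialNumber }
        p = 0
        _, hash_alg, p = _read_tlv(cert_id, p)
        _, oid, _ = _read_tlv(hash_alg, 0)
        _, name_hash, p = _read_tlv(cert_id, p)
        _, key_hash, p = _read_tlv(cert_id, p)
        _, serial, p = _read_tlv(cert_id, p)
        dotted = _decode_oid(oid)
        results.append({
            "hash_algorithm": HASH_OIDS.get(dotted, dotted),
            "issuer_name_hash": name_hash.hex().upper(),
            "issuer_key_hash": key_hash.hex().upper(),
            "serial_number": serial.hex().upper(),
        })
    return results


def decode_report_urls(urls=OCSP_URLS):
    """Decode every OCSP URL from the report into a flat list of CertID dicts."""
    return [cert for url in urls for cert in parse_ocsp_get_url(url)]


if __name__ == "__main__":
    for url in OCSP_URLS:
        print(urllib.parse.urlsplit(url).netloc)
        for cert in parse_ocsp_get_url(url):
            for key, value in cert.items():
                print(f"  {key}: {value}")
```

The decoder only tells you which certificate was queried; to name the CA, compare issuer_key_hash against the Subject Key Identifier of candidate DigiCert intermediates, and to name the leaf, look the serial number up in the issuer's CT logs or extract the Authenticode signature from the installer itself. The three requests carry three different issuer key hashes, so the installer validated more than one certificate in the chain.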

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3888 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
(not recorded) | (not recorded) | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
(not recorded) | (not recorded) | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
7016 | Installer.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
7016 | Installer.exe | 45.33.97.245:443 | outbyte.com | Linode, LLC | US | unknown
7016 | Installer.exe | 142.250.184.238:443 | www.google-analytics.com | GOOGLE | US | whitelisted

Note: the SSDP (1900/udp), NetBIOS (137/138) and settings-win.data.microsoft.com rows are guest OS background traffic (svchost.exe, the System process, or no PID recorded) and are not attributable to the sample. Only the three Installer.exe (PID 7016) rows belong to the analysed file.

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 51.104.136.2, 4.231.128.59 | whitelisted
google.com | 142.250.184.206 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
outbyte.com | 45.33.97.245 | unknown
www.google-analytics.com | 142.250.184.238 | whitelisted

Threats: no threats detected
No debug info