File name: outbyte-driver-updater.exe

Full analysis: https://app.any.run/tasks/d6b6a801-29cc-4dc0-b2c3-fcc2602566d9
Verdict: Malicious activity
Analysis date: August 01, 2024, 17:56:22
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: BFBB46C049E5D57500C3F5CDB1BA7F45
SHA1: C58483FB9FE53E411C03BE9D2D7B73BBE48793E4
SHA256: 351B5948FC7F05D1D6ECF2C46CCC82AD540859D9130BE307E6BF22B41DA1A766
SSDEEP: 196608:i4jYUvwsyR6ggM6T+bnTw4GdzvvuzcxwsOleD:i40Hsya/T+A4qvvuDsOlk

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • outbyte-driver-updater.exe (PID: 6964)
      • Installer.exe (PID: 7016)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • outbyte-driver-updater.exe (PID: 6964)
      • Installer.exe (PID: 7016)
    • Reads security settings of Internet Explorer

      • outbyte-driver-updater.exe (PID: 6964)
      • Installer.exe (PID: 7016)
    • Checks Windows Trust Settings

      • Installer.exe (PID: 7016)
    • Reads the BIOS version

      • Installer.exe (PID: 7016)
    • There is functionality for communication over UDP network (YARA)

      • Installer.exe (PID: 7016)
    • Reads the Windows owner or organization settings

      • Installer.exe (PID: 7016)
  • INFO

    • Create files in a temporary directory

      • outbyte-driver-updater.exe (PID: 6964)
      • Installer.exe (PID: 7016)
    • Process checks computer location settings

      • outbyte-driver-updater.exe (PID: 6964)
      • Installer.exe (PID: 7016)
    • Reads the computer name

      • outbyte-driver-updater.exe (PID: 6964)
      • Installer.exe (PID: 7016)
    • Checks supported languages

      • outbyte-driver-updater.exe (PID: 6964)
      • Installer.exe (PID: 7016)
    • Reads Environment values

      • outbyte-driver-updater.exe (PID: 6964)
      • Installer.exe (PID: 7016)
    • Checks proxy server information

      • outbyte-driver-updater.exe (PID: 6964)
      • Installer.exe (PID: 7016)
    • Reads the software policy settings

      • Installer.exe (PID: 7016)
    • Reads the machine GUID from the registry

      • Installer.exe (PID: 7016)
    • Creates files or folders in the user directory

      • Installer.exe (PID: 7016)
    • Creates files in the program directory

      • Installer.exe (PID: 7016)
    • Reads Windows Product ID

      • Installer.exe (PID: 7016)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 EXE PECompact compressed (generic) (79.7)
.exe | Win32 Executable (generic) (8.6)
.exe | Win16/32 Executable Delphi generic (3.9)
.exe | Generic Win/DOS Executable (3.8)
.exe | DOS Executable Generic (3.8)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:02:15 18:38:03+00:00
ImageFileCharacteristics: Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 143872
InitializedDataSize: 330240
UninitializedDataSize: -
EntryPoint: 0x24530
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 2.3.3.29920
ProductVersionNumber: 2.3.3.29920
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: Driver Updater
CompanyName: Outbyte
FileDescription: Outbyte Driver Updater Installation File
FileVersion: 2.3.3.29920
LegalCopyright: Copyright © 2016-2024 Outbyte Computing Pty Ltd
OriginalFileName: Outbyte-driver-updater-setup.exe
ProductName: Driver Updater
ProductVersion: 2.x
No data.
All screenshots are available in the full report
Total processes: 113
Monitored processes: 3
Malicious processes: 2
Suspicious processes: 0

Behavior graph

start -> outbyte-driver-updater.exe (THREAT) -> installer.exe; outbyte-driver-updater.exe (no specs)

Process information

PID: 6840
CMD: "C:\Users\admin\Desktop\outbyte-driver-updater.exe"
Path: C:\Users\admin\Desktop\outbyte-driver-updater.exe
Parent process: explorer.exe
User: admin
Company: Outbyte
Integrity Level: MEDIUM
Description: Outbyte Driver Updater Installation File
Exit code: 3221226540
Version: 2.3.3.29920
Modules
Images
c:\users\admin\desktop\outbyte-driver-updater.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 6964
CMD: "C:\Users\admin\Desktop\outbyte-driver-updater.exe"
Path: C:\Users\admin\Desktop\outbyte-driver-updater.exe
Parent process: explorer.exe
User: admin
Company: Outbyte
Integrity Level: HIGH
Description: Outbyte Driver Updater Installation File
Version: 2.3.3.29920
Modules
Images
c:\users\admin\desktop\outbyte-driver-updater.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 7016
CMD: "C:\Users\admin\AppData\Local\Temp\is-10536292.tmp\Installer.exe" /spid:6964 /splha:37724992
Path: C:\Users\admin\AppData\Local\Temp\is-10536292.tmp\Installer.exe
Parent process: outbyte-driver-updater.exe
User: admin
Company: Outbyte
Integrity Level: HIGH
Description: Installer
Version: 2.3.3.29920
Modules
Images
c:\users\admin\appdata\local\temp\is-10536292.tmp\installer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll
Total events: 6 100
Read events: 6 072
Write events: 28
Delete events: 0

Modification events

(PID) Process: (6964) outbyte-driver-updater.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Outbyte\Driver Updater\2.x\Settings
Operation: write
Name: General.CustomClientId
Value: 1036007967.747669571756

(PID) Process: (6964) outbyte-driver-updater.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Outbyte\Driver Updater\2.x\Settings
Operation: write
Name: General.URLClientId
Value: 1036007967.747669571756

(PID) Process: (6964) outbyte-driver-updater.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (6964) outbyte-driver-updater.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (6964) outbyte-driver-updater.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (7016) Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6D484312-C2E8-96B5-2103-43B791F33EFF}\Version
Operation: write
Name: Assembly
Value: 365150B8C94A9C73944DEC32E81218BB365150B8C94A9C73944DEC32E81218BB88AD8CBB5ED3F66B83A8A2CDF194269C890BB34AEBD806E41A50D3BD9C0B4765219909F09E75DEC0927FF4E8152284CD219909F09E75DEC0927FF4E8152284CD59B5414605BAE21E9735786EB516D3F8DE1283C2AFF9BF99D33ED2740C86BBD2F8157495FE950FA4A01046BB55F00DAD0F20AA1B1ADFE602954529934D03147D

(PID) Process: (7016) Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Outbyte\Driver Updater\2.x\Settings
Operation: write
Name: General.TrackingIV.CID
Value: 3074059418.1722535003

(PID) Process: (7016) Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Outbyte\Driver Updater\2.x\Settings
Operation: write
Name: General.TrackingIV.SID
Value: SFLT0ldv9m

(PID) Process: (7016) Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Outbyte\Driver Updater\2.x\Settings
Operation: write
Name: Application.GAIV.FunnelDate
Value: BFD66AED3738E640

(PID) Process: (7016) Installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Outbyte\Driver Updater\2.x\Settings
Operation: write
Name: General.Language
Value: ENU
Executable files: 16
Suspicious files: 14
Text files: 2
Unknown types: 2

Dropped files

PID | Process | Filename | Type

6964 | outbyte-driver-updater.exe | C:\Users\admin\AppData\Local\Temp\is-10536292.tmp\Lang\esp.lng | binary
MD5: 5DD75EF12DE58410DD3275591F49113C
SHA256: 7818791650723D977F72E96332B333F7CDA310EE541A16E968205CF40F36709E

6964 | outbyte-driver-updater.exe | C:\Users\admin\AppData\Local\Temp\is-10536292.tmp\SetupHelper.dll | executable
MD5: 7A29A34755754B7541AFCD5BF1801341
SHA256: 139470E7E2FFE39DAF8BB722CFEE05BEA1E7CECF6FD6CCFF31431A897DE9D1C1

6964 | outbyte-driver-updater.exe | C:\Users\admin\AppData\Local\Temp\is-10536292.tmp\Lang\enu.lng | binary
MD5: 9455ECD37BE8EE2D3949A4A34EDE2DD0
SHA256: 074673C79FC8606B5A87CB5A52F4A91218831DC53B8E63A3D8E4EDB41357D2DE

6964 | outbyte-driver-updater.exe | C:\Users\admin\AppData\Local\Temp\is-10536292.tmp\InstallerUtils.dll | executable
MD5: 95D95FE50BEE00F87946A2CD1D43FB66
SHA256: ADC52E27A490B387C9DFBF9562D309C7A588C5732CFE3A90B45268A5ECA94C5E

6964 | outbyte-driver-updater.exe | C:\Users\admin\AppData\Local\Temp\is-10536292.tmp\Lang\ptb.lng | binary
MD5: 208DAC0479E8E7C4C54D64ADE7B42498
SHA256: AC7677BA57DA17649D8281EAA1385DA4FBFD9BC7FD7FCFFF39A82937149CB98F

6964 | outbyte-driver-updater.exe | C:\Users\admin\AppData\Local\Temp\is-10536292.tmp\rtl250.bpl | executable
MD5: 481B636BD54E231810C7D2C045D70168
SHA256: 4722EF802CE0F9971EE37D56CB821800C11048C4BF72D81B6702CA7690AB531B

6964 | outbyte-driver-updater.exe | C:\Users\admin\AppData\Local\Temp\is-10536292.tmp\Lang\deu.lng | binary
MD5: A2352B514C8E9C6AAB9BF666336CC3A2
SHA256: 3E972D678566983AD5D78644E400B20121946E110263B1890D525E299F952B1C

6964 | outbyte-driver-updater.exe | C:\Users\admin\AppData\Local\Temp\is-10536292.tmp\Lang\fra.lng | binary
MD5: 13DB89C58F0E6E632F3D036D753EA7FB
SHA256: B64A6A0C7FBEF9FCE62FEBDD227F7BEE7EF344A62116B4DF90AB25FEDE7D22E8

6964 | outbyte-driver-updater.exe | C:\Users\admin\AppData\Local\Temp\is-10536292.tmp\Lang\jpn.lng | binary
MD5: 827C25F3AF9E89FA53219AEB1D373FA9
SHA256: 5AA8C0536A41DD65520AFF319BC37C38784BF779147CD860F2B0802C97EAC5CB

6964 | outbyte-driver-updater.exe | C:\Users\admin\AppData\Local\Temp\is-10536292.tmp\CommonForms.Site.dll | executable
MD5: 2CA11DB4D0C2A737187C002F731E014A
SHA256: 7230F57DF4B2B8B91E10DC66EFCFC3096306D29A5513B0EAB96024F4EE465CD4
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 7
TCP/UDP connections: 17
DNS requests: 6
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
7016 | Installer.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAwfypkv9EfKYa1bFvWpvwk%3D | unknown | - | - | whitelisted
7016 | Installer.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D | unknown | - | - | whitelisted
7016 | Installer.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D | unknown | - | - | whitelisted
- | - | GET | 200 | 45.33.97.245:443 | https://outbyte.com/tools/userdata/?product=driver-updater | unknown | binary | 13 b | unknown
- | - | POST | 204 | 142.250.185.174:443 | https://www.google-analytics.com/mp/collect?measurement_id=G-SEW4YMR3XJ&api_secret=Bwp8gLa9SqG7iUYK8RMmcg | unknown | - | - | unknown
- | - | GET | 200 | 45.33.97.245:443 | https://outbyte.com/sid/get/SFLT0ldv9m/ | unknown | binary | 51 b | unknown
- | - | GET | 200 | 45.33.97.245:443 | https://outbyte.com/tools/ipInfo/ | unknown | binary | 115 b | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3888 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
7016 | Installer.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
7016 | Installer.exe | 45.33.97.245:443 | outbyte.com | Linode, LLC | US | unknown
7016 | Installer.exe | 142.250.184.238:443 | www.google-analytics.com | GOOGLE | US | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 4.231.128.59
whitelisted
google.com
  • 142.250.184.206
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
outbyte.com
  • 45.33.97.245
unknown
www.google-analytics.com
  • 142.250.184.238
whitelisted

Threats

No threats detected
No debug info