» daeied.exe
Overview
Analysis
File Details
Behaviors (1)
Network (80)

daeied.exe

Glary Utilities

Glarysoft Ltd

The application daeied.exe, “Glary Utilities AutoUpdate” has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time. While running, it connects to the Internet address server-52-84-126-41.iad16.r.cloudfront.net on port 80 using the HTTP protocol.

File name:

daeied.exe

Publisher:

Glarysoft Ltd

Product:

Glary Utilities

Description:

Glary Utilities AutoUpdate

Version:

5, 0, 0, 8

MD5:

532201626903ee199199ec02f9158e83

SHA-1:

d8754167ff9bc7dc156362b3169afccef8095b45

SHA-256:

46862f8a2e7687251eebc50c5aef41db055a97cd6531686bcdc30b7d7e325f86

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/30/2024 8:23:29 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.GlarySoft.AU

17.2.23.17

File size:

1002.9 KB (1,026,920 bytes)

Product version:

5.0.0.1

File type:

Executable application (Win32 EXE)

Language:

Chinese (Simplified, China)

Common path:

C:\Program Files\jzachsuiry\daeied.exe

File PE Metadata

Compilation timestamp:

5/15/2014 7:42:36 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

Entry address:

0x347DD

Entry point:

E8, BB, 5D, 00, 00, E9, 79, FE, FF, FF, 3B, 0D, 40, 66, 46, 00, 75, 02, F3, C3, E9, 3D, 5E, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 57, 33, FF, 3B, F7, 75, 04, 33, C0, EB, 65, 39, 7D, 08, 75, 1B, E8, 14, 1F, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 65, 08, 00, 00, 83, C4, 14, 8B, C6, EB, 45, 39, 7D, 10, 74, 16, 39, 75, 0C, 72, 11, 56, FF, 75, 10, FF, 75, 08, E8, 00, 5F, 00, 00, 83, C4, 0C, EB, C1, FF, 75, 0C, 57, FF, 75, 08, E8, 9F, 24, 00, 00, 83, C4, 0C, 39, 7D, 10, 74, B6, 39, 75, 0C, 73... 
[+]

Entropy:

7.4489

Code size:

323 KB (330,752 bytes)

Scheduled Task

Task name:

Cuputyperwoent Host

Trigger:

Daily (Runs daily at 21:00)

Description:

The Host is used by Cuputyperwoent.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to server-52-85-77-211.lax3.r.cloudfront.net (52.85.77.211:80)

TCP (HTTP):

Connects to server-54-240-186-237.mad50.r.cloudfront.net (54.240.186.237:80)

TCP (HTTP):

Connects to server-54-240-186-110.mad50.r.cloudfront.net (54.240.186.110:80)

TCP (HTTP):

Connects to server-52-84-87-208.yul62.r.cloudfront.net (52.84.87.208:80)

TCP (HTTP):

Connects to server-52-84-87-185.yul62.r.cloudfront.net (52.84.87.185:80)

TCP (HTTP):

Connects to server-52-85-77-88.lax3.r.cloudfront.net (52.85.77.88:80)

TCP (HTTP):

Connects to server-54-192-36-235.jfk1.r.cloudfront.net (54.192.36.235:80)

TCP (HTTP):

Connects to server-54-192-36-202.jfk1.r.cloudfront.net (54.192.36.202:80)

TCP (HTTP):

Connects to server-54-192-36-192.jfk1.r.cloudfront.net (54.192.36.192:80)

TCP (HTTP):

Connects to server-54-192-36-173.jfk1.r.cloudfront.net (54.192.36.173:80)

TCP (HTTP):

Connects to server-54-240-186-148.mad50.r.cloudfront.net (54.240.186.148:80)

TCP (HTTP):

Connects to server-54-230-216-88.mrs50.r.cloudfront.net (54.230.216.88:80)

TCP (HTTP):

Connects to server-54-230-216-171.mrs50.r.cloudfront.net (54.230.216.171:80)

TCP (HTTP):

Connects to server-54-230-206-200.atl50.r.cloudfront.net (54.230.206.200:80)

TCP (HTTP):

Connects to server-54-230-187-18.cdg51.r.cloudfront.net (54.230.187.18:80)

TCP (HTTP):

Connects to server-54-192-36-40.jfk1.r.cloudfront.net (54.192.36.40:80)

TCP (HTTP):

Connects to server-54-192-36-114.jfk1.r.cloudfront.net (54.192.36.114:80)

TCP (HTTP):

Connects to server-54-192-3-33.lhr5.r.cloudfront.net (54.192.3.33:80)

TCP (HTTP):

Connects to server-54-192-29-150.dub2.r.cloudfront.net (54.192.29.150:80)

TCP (HTTP):

Connects to server-54-192-25-254.mxp4.r.cloudfront.net (54.192.25.254:80)

Remove daeied.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.