ouc.exe

The executable ouc.exe has been detected as malware by 11 anti-virus scanners. It runs as a Windows service named “PLAY ONLINE. OUC”. The file is infected by an entry-point obscuring polymorphic file infector, which creates a peer-to-peer botnet and receives URLs of additional files to download.
MD5:
6fae0ef7dc6e5d99d75af85a85ea8a1f

SHA-1:
72f3e5464122324f02de76573a1d30ea6bcdedcc

SHA-256:
5677088b24cbceb601a85d4a6176176d689a95f9e7109dcb2fda6d88559cc580

Scanner detections:
11 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/19/2024 9:00:35 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:SaliCode | 160209-2
AVG | Win32/Sality | 2015.0.4522
Dr.Web | Win32.Sector.30 | 9.0.1.05190
Emsisoft Anti-Malware | Win32.Sality | 10.0.0.5366
ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0
Kaspersky | Virus.Win32.Sality | 15.0.0.562
McAfee | Virus.W32/Sality.gen.z | 18.0.204.0
Microsoft Security Essentials | Threat.Undefined | 1.213.6208.0
Norman | Win32.Sality.3 | 08.02.2016 04:24:12
Sophos | Virus 'Mal/Sality-D' | 5.23
VIPRE Antivirus | Threat.4721115 | 47086

File size:
316.3 KB (323,936 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\play online\onlineupdate\ouc.exe

File PE Metadata
Compilation timestamp:
4/7/2011 7:14:16 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
6144:1zb3wQIVETseubZ48Rek00IHersvOIKUO1wmfDfKhQBEN7soCGe:FzpTBD8RekRI+gv9oXfuhSRGe

Entry address:
0x12A0

Entry point:
81, C8, 08, E7, 61, 6A, 4F, 81, CE, 4C, 17, 79, BB, 0F, AF, CB, 85, E9, 70, 05, F6, C6, 66, 88, C9, 69, E8, 1C, 5C, 47, 86, 84, C9, FF, CE, F3, FF, C2, F7, C0, 08, 3B, 0E, CB, E8, 00, 00, 00, 00, 81, FE, 75, 25, 00, 00, 72, 0E, C7, C3, 70, A0, 51, 34, C7, C0, C8, 1D, BC, 44, 8B, C7, 80, D9, BF, 8A, E0, 74, 05, FF, C3, 4B, 84, DF, 87, ED, FF, CE, 8B, D9, C7, C6, 20, 20, 8F, E7, 0F, B6, EE, 8D, 17, 71, 0E, C7, C5, 20, CC, 0C, 76, 84, F2, C7, C3, 29, A1, 3C, 8B, 88, EB, 8D, 02, EB, 02, 21, FE, F7, C1, 8C, 6F...

Code size:
175.5 KB (179,712 bytes)

Service
Display name:
PLAY ONLINE. OUC

Service name:
PLAY ONLINE. RunOuc

Type:
Win32OwnProcess, InteractiveProcess

