» allupdate.exe
Overview
Analysis
File Details
Behaviors (1)

allupdate.exe

ALLPlayer

ALLPlayer Group

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘ALLUpdate’.

File name:

allupdate.exe

Publisher:

ALLPlayer Group Ltd. (signed by ALLPlayer Group)

Product:

ALLPlayer

Description:

ALLPlayer Update

Version:

5.8.0.0

MD5:

11878261b9f7c62a6b2ddc125e5daa4a

SHA-1:

9917ca0676ccc0ae509bc4707cd4642c15fe2dbf

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/18/2024 3:56:48 PM UTC (today)

File size:

4.5 MB (4,696,448 bytes)

Product version:

5.8.0.0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\allplayer\allupdate.exe

Digital Signature

Signed by:

ALLPlayer Group

Authority:

Unizeto Technologies S.A.

Valid from:

11/1/2013 10:58:33 AM

Valid to:

11/1/2014 10:58:33 AM

Subject:

E=info@allplayer.org, CN=ALLPlayer Group, O=ALLPlayer Group, C=PL

Issuer:

CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:

569643B8827B0FF8BF76A119AD869752

File PE Metadata

Compilation timestamp:

1/29/2014 4:17:49 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

Entry address:

0x201CCC

Entry point:

55, 8B, EC, B9, 05, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, 57, B8, 18, 6D, 5F, 00, E8, 3B, 91, E0, FF, 8B, 35, 94, E0, 60, 00, 33, C0, 55, 68, 86, 20, 60, 00, 64, FF, 30, 64, 89, 20, 8B, 06, E8, 44, 3F, F2, FF, B1, 01, BA, A4, 20, 60, 00, A1, F4, 3D, 4E, 00, E8, 0B, 2F, EF, FF, 8B, 06, BA, C4, 20, 60, 00, E8, 1F, 39, F2, FF, 8D, 55, E8, B8, 01, 00, 00, 00, E8, 92, 2C, E0, FF, 8B, 45, E8, 8D, 55, EC, E8, 93, AD, E1, FF, 8B, 55, EC, B8, E0, 20, 60, 00, E8, 9E, 62, E0, FF, 85, C0, 0F, 8E, 90, 00... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

2 MB (2,100,224 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

ALLUpdate

Command:

"C:\Program Files\allplayer\allupdate.exe" "sleep"

Scan allupdate.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.