home

ALUpExt.exe

ALUpdate helper

ESTsoft Corp.

This file is installed with the program ALTools Update. The file has been seen being downloaded from ko-kr.alupdate.altools.com.
Publisher:
ESTsoft Corp.  (signed and verified)

Product:
ALUpdate helper

Description:
ALUpdate helper program

Version:
10, 12, 6, 2

MD5:
11f50f98c58245ef741f02761b80342d

SHA-1:
fc817321088a1d69960a2c287566652d9a04d8cf

SHA-256:
e4bb29e9cd9bc2f02bf390874c2b858274ccf3f81b309d9f986463ff7414d3ae

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
5/3/2024 12:01:06 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
BackDoor.Tishop.108
9.0.1.039

File size:
287 KB (293,936 bytes)

Product version:
10, 12, 6, 2

Copyright:
Coryright(c) 2008 by ESTsoft Corp. All rights reserved.

Original file name:
ALUpExt.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\estsoft\alupdate\alupext.exe

Digital Signature
Signed by:
ESTsoft Corp.

Authority:
VeriSign, Inc.

Subject:
CN=ESTsoft Corp., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=ESTsoft Corp., L=Seocho-gu, S=Seoul, C=KR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
70D1A0AC1A81A201BFC43091FFBE99A0

File PE Metadata
Compilation timestamp:
12/15/2010 2:35:36 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:eehNFdb7A1Z0Y3M4Dixk4W/6gbbhz9WHoYQQUYKJWi7Bi4WAo:xK3M5kt/6CbhzgHTHpKIi7r7o

Entry address:
0x1275C

Entry point:
E8, 16, 8C, 00, 00, E9, 16, FE, FF, FF, 55, 8B, EC, 83, EC, 10, 53, FF, 75, 10, 8D, 4D, F0, E8, FE, E5, FF, FF, 8B, 45, 08, 33, DB, 3B, C3, 75, 28, E8, A1, 08, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, 25, 2D, 00, 00, 83, C4, 14, 38, 5D, FC, 74, 07, 8B, 45, F8, 83, 60, 70, FD, 33, C0, EB, 74, 56, 8B, 75, F4, 39, 5E, 08, 75, 3A, FF, 75, 0C, 50, E8, 65, 8C, 00, 00, 59, 59, EB, 41, 0F, B6, D1, F6, 44, 32, 1D, 04, 74, 1A, 40, 8A, 10, 3A, D3, 74, 3E, 0F, B7, C9, 0F, B6, D2, C1, E1, 08, 0B, CA, 39...
 
[+]

Entropy:
6.7961

Code size:
148 KB (151,552 bytes)

The file ALUpExt.exe has been discovered within the following programs.

ALTools Update  by ESTsoft Corp.
ALTools Update is the automatic updater service for most ALTools products including the ALZip program.
advert.estsoft.com/?event=200904224447205
47% remove it
 
Powered by Should I Remove It?

The file ALUpExt.exe has been seen being distributed by the following URL.

http://ko-kr.alupdate.altools.com//UploadFile/45/.../ALUpExt.exe

Scan ALUpExt.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.