home

client_update.exe

RivalGaming

The application client_update.exe by RivalGaming has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is also typically executed from the user's temporary directory.
Publisher:
RivalGaming  (signed and verified)

MD5:
e5ac3aa587128ac18855e72e81933551

SHA-1:
eabf135d9108981e39ed5b581460c3b104345631

SHA-256:
716775bb1133007a23863e437e318c44182973541eafe4978ae0a65fe61c1764

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/19/2024 12:28:30 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.EpicPlay.RivalGam (M)
16.3.21.1

File size:
254.7 KB (260,768 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\client_update.exe

Digital Signature
Signed by:
RivalGaming

Authority:
VeriSign, Inc.

Valid from:
11/27/2012 6:00:00 PM

Valid to:
12/28/2013 5:59:59 PM

Subject:
CN=RivalGaming, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=RivalGaming, L=Irvine, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4EFBC4A1539C847791D280FD528BCDEA

File PE Metadata
Compilation timestamp:
7/3/2013 9:00:25 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:t/63XOnbH5qBquZXuGowQH5lWs3T4M2wMZtn7pAth4:tceb4TLo7nTl29Dn7p7

Entry address:
0x3303

Entry point:
E8, FA, 36, 00, 00, E9, 78, FE, FF, FF, 6A, 0C, 68, 30, F3, 40, 00, E8, C7, 26, 00, 00, 6A, 0E, E8, C8, 1B, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, E4, 20, 41, 00, BA, E0, 20, 41, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A, 04, 50, E8, 65, FC, FF, FF, 59, FF, 76, 04, E8, 5C, FC, FF, FF, 59, 83, 66, 04, 00, C7, 45, FC, FE, FF, FF, FF, E8, 0A, 00, 00, 00, E8, B6, 26, 00, 00, C3, 8B, D0, EB, C5, 6A, 0E, E8, 93, 1A, 00, 00, 59, C3, CC, CC, CC, 8B, 54, 24...
 
[+]

Entropy:
6.1410

Code size:
47 KB (48,128 bytes)

Remove client_update.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.