DivXUpdate.exe

DivX Update

The executable DivXUpdate.exe has been detected as malware by 12 anti-virus scanners. It is set to execute automatically when any user logs into Windows (through the local user run registry setting) under the name ‘DivXUpdate’. The file is infected by an entry-point-obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download.

Product:
DivX Update

Version:
1.0.6.114

MD5:
5074101777a4be611256f9a0561524d5

SHA-1:
32099cf60073dbed0d941bf9401754a0343c6ec5

SHA-256:
c1e4efb9ac27cb4b590b0af1d2c565c305649f3d7180555f40ca40d0c685e526

Scanner detections:
12 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/19/2024 1:06:49 PM UTC

Scan engine                    Detection                 Engine version
avast!                         Win32:SaliCode            160209-2
AVG                            Win32/Sality              2015.0.4522
Dr.Web                         Win32.Sector.30           9.0.1.05190
ESET NOD32                     Win32/Sality.NBA virus    7.0.302.0
F-Prot                         W32/Sality.gen2           4.6.5.141
F-Secure                       Win32.Sality.3            5.15.21
Kaspersky                      Virus.Win32.Sality        15.0.0.562
McAfee                         Virus.W32/Sality.gen.z    18.0.204.0
Microsoft Security Essentials  Threat.Undefined          1.213.6222.0
Norman                         Win32.Sality.3            08.02.2016 04:24:12
Sophos                         Virus 'Mal/Sality-D'      5.23
VIPRE Antivirus                Threat.4721115            47186

File size:
1.8 MB (1,935,696 bytes)

Product version:
1.0.6.114

Copyright:
© Copyright 2000 - 2011 DivX, LLC

Original file name:
DivXUpdate.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\divx\divx update\divxupdate.exe

File PE Metadata
Compilation timestamp:
1/10/2014 12:26:38 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:L+CqWHyzn93FRfke3WH4pHoxsiIX6R5E3:Kl/fZI4pHoxsQY

Entry address:
0x6AFE7

Entry point:
28, DA, 68, 5C, 1E, C5, 00, 32, D3, 87, F8, B4, 72, 29, D9, F3, B5, 82, 81, E9, 14, 9A, ED, CD, F6, C4, 9D, F7, C2, CC, 9E, 64, 62, F7, C7, A1, B6, E5, 4F, 18, D5, 6A, 00, 5D, 4A, 0F, B7, F6, 33, EB, 42, BE, F5, 84, 20, 01, 8A, D4, 8D, 45, 00, 8D, 35, 43, 54, B2, 43, 4A, 0F, BE, E8, 50, 29, C6, 5B, 0F, AF, D6, C7, C7, F9, D5, 7E, BE, 0F, BF, F2, 85, C8, F6, C4, D3, 69, C0, 1A, 5C, 71, 84, 1A, D3, FE, CF, 53, 68, B2, AE, C8, 00, 8D, 1D, 9E, E7, 5C, 55, C6, C5, A1, E8, 00, 00, 00, 00, 5B, 86, F1, 80, E2, C3...

Entropy:
3.6140

Code size:
472 KB (483,328 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
DivXUpdate

Command:
"C:\Program Files\divx\divx update\divxupdate.exe" \checknow
