DuuquUpdateSetup.exe

Duuqu Update

Duuqu Group OU

The application DuuquUpdateSetup.exe, “Duuqu Update Setup” by Duuqu Group OU has been detected as adware by 2 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from cdn.growmatecdn.us and multiple other hosts.
Publisher:
Duuqu Group (signed by Duuqu Group OU)

Product:
Duuqu Update

Description:
Duuqu Update Setup

Version:
1.3.37.0

MD5:
55f0045d54c3425e96335ebeffa29181

SHA-1:
0d8a3388b70bdb122b5607c3568750c46e518a81

SHA-256:
4b5688c865d45d7775b389af35721faaed62ef8e0bc8a18a6eac2d339bb744aa

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
11/23/2017 9:10:53 PM UTC

Scan engine         Detection                        Engine version
Dr.Web              Trojan.DownLoad3.25843           9.0.1.0360
Reason Heuristics   PUP.Installer.DuuquGroupOU.Q     14.8.7.21

File size:
480.6 KB (492,088 bytes)

Product version:
1.3.37.0

Copyright:
Copyright 2010-2012 Duuqu Group

Original file name:
DuuquUpdateSetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\duuquupdatesetup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
8/9/2012 2:00:00 AM

Valid to:
8/10/2014 1:59:59 AM

Subject:
CN=Duuqu Group OU, O=Duuqu Group OU, L=Tallinn, S=Harju, C=EE

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
162E253D4CB8942D57DC084A3456BA93

File PE Metadata
Compilation timestamp:
10/30/2012 9:04:03 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:ynsAZzZkswcDLjc8kt3BhxnwbkaV6wdZy+h9:ysAZBrjDk14kaddo69

Entry address:
0x4779

Entry point:
E8, FE, 15, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 8B, 00, 81, 38, 63, 73, 6D, E0, 75, 2A, 83, 78, 10, 03, 75, 24, 8B, 40, 14, 3D, 20, 05, 93, 19, 74, 15, 3D, 21, 05, 93, 19, 74, 0E, 3D, 22, 05, 93, 19, 74, 07, 3D, 00, 40, 99, 01, 75, 05, E8, 53, 16, 00, 00, 33, C0, 5D, C2, 04, 00, 68, 83, 47, 40, 00, FF, 15, 08, D0, 40, 00, 33, C0, C3, 8B, FF, 55, 8B, EC, 57, BF, E8, 03, 00, 00, 57, FF, 15, 10, D0, 40, 00, FF, 75, 08, FF, 15, 0C, D0, 40, 00, 81, C7, E8, 03, 00, 00, 81, FF, 60, EA, 00...

Code size:
46 KB (47,104 bytes)

The file DuuquUpdateSetup.exe has been seen being distributed by the following 7 URLs.

Remove DuuquUpdateSetup.exe - Powered by Reason Core Security