fwupdate.exe

LG Firmware Autoupdate

BitLeader

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘LGODDFU’. The file has been seen being downloaded from lgodd.lge.com.
Publisher:
BitLeader

Product:
LG Firmware Autoupdate

Version:
1.00

MD5:
fdaddea50790d895d56455c78016e058

SHA-1:
4a1d5eafd3be70d4464c44001e990f1ef96bb7ab

SHA-256:
f4b8e369fc253b05c357771abe9653e679b78a7c91c3cfd5967fe0d996673b16

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
4/30/2024 9:42:29 PM UTC

Scan engine:
Boost by Reason

Detection:
Optional.Startup.BitLeader.I

Engine version:
188163

File size:
544 KB (557,056 bytes)

Product version:
1.00

Original file name:
fwupdate.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\lg_fwupdate\fwupdate.exe

File PE Metadata
Compilation timestamp:
10/20/2009 2:03:36 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:IJgV6LEFwhDFcLt1bztfpJhpZYfZ66C1X+5VvVnG8dosuYxKSvf5ZoVESL:N7a3S/DJTZYfZVC1XODBulSzoVESL

Entry address:
0x1248

Entry point:
68, 7C, 18, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 46, 5F, E5, C6, 93, C3, 60, 47, A6, 12, 32, 93, B5, AF, AA, 01, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, C0, F3, 85, 01, 66, 77, 75, 70, 64, 61, 74, 65, 00, C1, 40, 00, 08, C1, 40, 00, 00, 00, 00, 00, 01, 00, 01, 00, B8, 03, 41, 00, 00, 00, 00, 00, FF, FF, FF, FF, FF, FF, FF, FF, 00, 00, 00, 00, 3C, 04, 41, 00, 14, 70, 48, 00, 00, 00, 00, 00, F8, 28, 23, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.5765

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
536 KB (548,864 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
LGODDFU

Command:
"C:\Program Files\lg_fwupdate\fwupdate.exe" blrun


The file fwupdate.exe has been seen being distributed by the following URL.
