googlecrashhandler.exe

globalUpdate Update

globalUpdate

The executable googlecrashhandler.exe has been detected as malware by 13 anti-virus scanners. It is infected by an entry-point obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download.
Publisher:
globalUpdate

Product:
globalUpdate Update

Version:
1.3.25.0

MD5:
e102241f0e9dc79b50bd0182471d2a3d

SHA-1:
5665a9ed97629e22c26ad27120b4d5e53710557b

SHA-256:
7e5740e853d0f83ff5ee708f8bc400eab6d298db72cefcc5c830f16525394c9f

Scanner detections:
13 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/26/2024 2:46:16 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Win32.Sality.3 | 6486625 |
| AVG | Win32/Sality | 2014.0.4257 |
| Dr.Web | Win32.Sector.22 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Sality | 9.0.0.4799 |
| ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0 |
| F-Prot | W32/Sality.gen2 | 4.6.5.141 |
| F-Secure | Win32.Sality.3 | 5.13.68 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.543 |
| McAfee | Virus.W32/Sality.gen.z | 16.8.708.2 |
| Microsoft Security Essentials | Threat.Undefined | 1.191.3639.0 |
| Norman | Win32.Sality.3 | 03.12.2014 13:20:04 |
| Sophos | Virus 'Mal/Sality-D' | 5.09 |
| VIPRE Antivirus | Threat.4758034 | 36666 |

File size:
139.2 KB (142,504 bytes)

Product version:
1.3.25.0

Copyright:
Copyright 2007-2010 Google Inc.

Original file name:
GoogleUpdate.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\globalupdate\update\1.3.25.0\googlecrashhandler.exe

File PE Metadata
Compilation timestamp:
4/24/2014 5:09:53 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:TobBtJq3ZruXzi+wGp/RFlBa5G5QldVBAxLCCPcFJwaKe:TwBtJ+ZaDi+V/R1a5G5QXVBApCoOJwHe

Entry address:
0x47BD

Entry point:
81, DF, 7C, F7, C4, A4, 81, FB, 88, 9B, 00, 00, 72, 09, 84, F4, FE, C9, 1D, 27, AD, 1A, 6C, 0F, CF, 80, D2, 97, 81, FF, 82, 7F, 00, 00, 71, 01, 46, C6, C0, 09, 8D, 15, 8B, D3, 00, 00, 81, C2, 80, 0D, 00, 00, 8D, 35, 1C, 47, 34, 3B, 33, EA, 69, F6, B8, 11, BD, E9, FF, C5, 0C, 34, 0F, AF, C1, 20, D3, E8, BA, 00, 00, 00, F6, C1, 90, 03, C7, 80, FC, A7, 2B, C8, 88, F8, C6, C4, 82, 0F, AF, CF, 3D, 34, B1, 00, 00, 76, 0D, B9, DB, 07, 88, 66, 8B, CA, 0F, AF, DB, 0F, BF, F8, 0F, B6, CC, 68, E7, 09, 00, 00, 58, 8A...
 

Code size:
32 KB (32,768 bytes)
