googleupdate.exe

上海云瞳科技有限公司

The application googleupdate.exe by 上海云瞳科技有限公司 has been detected as a potentially unwanted program by 7 of 68 anti-malware scanners. Despite the Google-like name and path, the signer is not Google. It is installed as a Windows service running in its own process (Win32OwnProcess), with the display name “Google Protect Service(gprotect)” and the service name gprotect.
Publisher:
上海云瞳科技有限公司  (signed and verified)

Version:
48.2.2564.88

MD5:
badc80ac8bafecd2e21be3e2baf39524

SHA-1:
5b44c6eb88602c9f31d03ed3f0575b0d0996b631

SHA-256:
8a76d5ffea8e05a12c5152ef1cc9c93f812274ceac51d8578c2c3dcb5c332583

Scanner detections:
7 / 68

Status:
Potentially unwanted

Analysis date:
10/27/2020 12:09:46 PM UTC

Scan engine | Detection | Engine version
Emsisoft Anti-Malware | Gen:Variant.Adware.Ghoskwa | 11.5.0.6191
ESET NOD32 | Win32/ELEX.HJ potentially unwanted application | 6.3.12010.0
F-Secure | Variant.Adware.Ghoskwa | 5.15.154
Kaspersky | not-a-virus:AdWare.Win32.ELEX | 15.0.2.529
Microsoft Security Essentials | Trojan:Win32/Ghokswa | 1.235.2271.0
Norman | Gen:Variant.Adware.Ghoskwa.1 | 28.05.2016 15:32:18
VIPRE Antivirus | Threat.4150696 | 48758

File size:
307.6 KB (315,008 bytes)

Product version:
48.2.2564.88

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\google\update\googleupdate.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
11/23/2015 1:58:59 PM

Valid to:
11/23/2016 1:58:59 PM

Subject:
CN=上海云瞳科技有限公司, O=上海云瞳科技有限公司, STREET=自由贸易试验区奥纳路188号2幢楼5层529室, L=上海, S=上海, C=CN, OID.1.3.6.1.4.1.311.60.2.1.2=Shanghai, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=310141000153861, OID.2.5.4.15=Private Organization

Issuer:
CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112111890B77B0FDF98EB0B3CFDEA89B989C

File PE Metadata
Compilation timestamp:
1/25/2016 7:53:46 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
3072:2xIGoDgwewNbf+sAPxUEgXjDAgSp3KgVJ221GuJx9gv7h3+m8k+cg6uEJx/0TRnP:2poDghw+sAPxUjUk2nLgv75COB0Dj

Entry address:
0x1EBFC

Entry point:
E8, D3, E8, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, 3C, F5, A0, 84, 44, 00, 00, 75, 13, 56, E8, 71, 00, 00, 00, 59, 85, C0, 75, 08, 6A, 11, E8, F7, 67, 00, 00, 59, FF, 34, F5, A0, 84, 44, 00, FF, 15, 0C, A2, 43, 00, 5E, 5D, C3, 56, 57, BE, A0, 84, 44, 00, 8B, FE, 53, 8B, 1F, 85, DB, 74, 17, 83, 7F, 04, 01, 74, 11, 53, FF, 15, E0, A0, 43, 00, 53, E8, 48, CD, FF, FF, 83, 27, 00, 59, 83, C7, 08, 81, FF, C0, 85, 44, 00, 7C, D8, 5B, 83, 3E, 00, 74, 0E, 83, 7E, 04, 01, 75, 08, FF, 36, FF, 15...

Entropy:
6.4858

Code size:
225.5 KB (230,912 bytes)

Service
Display name:
Google Protect Service(gprotect)

Service name:
gprotect

Description:
To ensure your Google software integrity. If this service is disabled or stopped, your Google software will not be kept integrity check, meaning security vulnerabilities that may arise cannot be fixed

Type:
Win32OwnProcess

Depends on:
RpcSs