» googleupdate.exe
Overview
Analysis
File Details
Behaviors (1)

googleupdate.exe

上海云瞳科技有限公司

The application googleupdate.exe by 上海云瞳科技有限公司 has been detected as a potentially unwanted program by 7 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “Google Protect Service(gprotect)”.

File name:

googleupdate.exe

Publisher:

上海云瞳科技有限公司 (signed and verified)

Version:

48.2.2564.88

MD5:

badc80ac8bafecd2e21be3e2baf39524

SHA-1:

5b44c6eb88602c9f31d03ed3f0575b0d0996b631

SHA-256:

8a76d5ffea8e05a12c5152ef1cc9c93f812274ceac51d8578c2c3dcb5c332583

Scanner detections:

7 / 68

Status:

Potentially unwanted

Analysis date:

4/19/2024 10:25:45 PM UTC (today)

Scan engine

Detection

Engine version

Emsisoft Anti-Malware

Gen:Variant.Adware.Ghoskwa

11.5.0.6191

ESET NOD32

Win32/ELEX.HJ potentially unwanted application

6.3.12010.0

F-Secure

Variant.Adware.Ghoskwa

5.15.154

Kaspersky

not-a-virus:AdWare.Win32.ELEX

15.0.2.529

Microsoft Security Essentials

Trojan:Win32/Ghokswa

1.235.2271.0

Norman

Gen:Variant.Adware.Ghoskwa.1

28.05.2016 15:32:18

VIPRE Antivirus

Threat.4150696

48758

File size:

307.6 KB (315,008 bytes)

Product version:

48.2.2564.88

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\ProgramData\google\update\googleupdate.exe

Digital Signature

Signed by:

上海云瞳科技有限公司

Authority:

GlobalSign nv-sa

Valid from:

11/23/2015 1:58:59 PM

Valid to:

11/23/2016 1:58:59 PM

Subject:

CN=上海云瞳科技有限公司, O=上海云瞳科技有限公司, STREET=自由贸易试验区奥纳路188号2幢楼5层529室, L=上海, S=上海, C=CN, OID.1.3.6.1.4.1.311.60.2.1.2=Shanghai, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=310141000153861, OID.2.5.4.15=Private Organization

Issuer:

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

112111890B77B0FDF98EB0B3CFDEA89B989C

File PE Metadata

Compilation timestamp:

1/25/2016 7:53:46 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

3072:2xIGoDgwewNbf+sAPxUEgXjDAgSp3KgVJ221GuJx9gv7h3+m8k+cg6uEJx/0TRnP:2poDghw+sAPxUjUk2nLgv75COB0Dj

Entry address:

0x1EBFC

Entry point:

E8, D3, E8, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, 3C, F5, A0, 84, 44, 00, 00, 75, 13, 56, E8, 71, 00, 00, 00, 59, 85, C0, 75, 08, 6A, 11, E8, F7, 67, 00, 00, 59, FF, 34, F5, A0, 84, 44, 00, FF, 15, 0C, A2, 43, 00, 5E, 5D, C3, 56, 57, BE, A0, 84, 44, 00, 8B, FE, 53, 8B, 1F, 85, DB, 74, 17, 83, 7F, 04, 01, 74, 11, 53, FF, 15, E0, A0, 43, 00, 53, E8, 48, CD, FF, FF, 83, 27, 00, 59, 83, C7, 08, 81, FF, C0, 85, 44, 00, 7C, D8, 5B, 83, 3E, 00, 74, 0E, 83, 7E, 04, 01, 75, 08, FF, 36, FF, 15... 
[+]

Entropy:

6.4858

Code size:

225.5 KB (230,912 bytes)

Service

Display name:

Google Protect Service(gprotect)

Service name:

gprotect

Description:

To ensure your Google software integrity. If this service is disabled or stopped, your Google software will not be kept integrity check, meaning security vulnerabilities that may arise cannot be fixed

Type:

Win32OwnProcess

Depends on:

RpcSs

Remove googleupdate.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.