GoogleUpdate.exe

Google Update

Google Inc.

The executable GoogleUpdate.exe has been detected as malware by 13 anti-virus scanners. It runs as a scheduled task named GoogleUpdateTaskUser under the Windows Task Scheduler, triggered daily at a specified time. The file is infected by an entry-point obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download.
Publisher:
Google Inc.

Product:
Google Update

Description:
Google Installer

Version:
1.3.29.1

MD5:
50ece7c135715efb6394555b0ec28583

SHA-1:
bdc552f8184450cc3ac830d5e50bcb88cfeaf729

SHA-256:
35a74abf72c67273afb1ce1fb0e66d917e14073890aded4e4aa674a03931cf8a

Scanner detections:
13 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/26/2024 10:18:23 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Win32.Sality.3 | 5813571 |
| Avira AntiVirus | W32/Sality.AT | 7.11.30.172 |
| avast! | Win32:Kukacka | 160118-1 |
| AVG | Win32/Sality | 2015.0.4522 |
| Boost by Reason | Optional.Task | 188838 |
| Dr.Web | Win32.Sector.30 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Sality | 10.0.0.5366 |
| ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0 |
| F-Secure | Win32.Sality.3 | 5.15.21 |
| McAfee | Virus.W32/Sality.gen.z | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.213.5087.0 |
| Norman | Win32.Sality.3 | 11.01.2016 17:30:26 |
| Sophos | Virus 'Mal/Sality-D' | 5.23 |

File size:
212.8 KB (217,928 bytes)

Product version:
1.3.29.1

Copyright:
Copyright 2007-2010 Google Inc.

Original file name:
GoogleUpdate.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\google\update\googleupdate.exe

File PE Metadata
Compilation timestamp:
11/20/2015 10:25:40 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
3072:moSFdgnIvXZJjmhJVvN+SlVS0fvZ/0vuIuD0pFkc9vE5nLwQpq3jUbjpEkG9ZfLN:WgUZJGnN+QOvz2BdwooWaPrT

Entry address:
0x7A82

Entry point:
60, 86, CB, C7, C7, 54, 66, D4, 43, 8D, 1D, 56, 13, D2, 1F, F3, 88, F6, D2, CB, 4D, 0F, B3, D1, 85, EE, 2A, C3, D0, C4, 49, 69, C1, 14, 2F, 0A, 60, 0D, A4, 20, A1, 22, E8, 1E, 00, 00, 00, D2, D3, 0F, AF, F2, EB, 05, 85, D2, 0F, AF, C2, 8B, C2, 8D, 6D, 00, 0F, A4, D6, 75, 05, 73, 6D, E0, F6, 33, CD, 84, D6, 6B, C0, 00, 0F, C1, D9, 29, EB, 0F, A4, C3, BE, 85, DF, 87, CF, 84, F2, 41, 8D, 15, 0C, 41, 05, 00, 0F, B3, FD, 81, EA, FD, 42, 05, 00, 0F, C1, F7, 0F, AD, F5, 0F, BA, E3, 6B, 0F, C1, D0, 0F, BC, DA, FE...
 

Entropy:
6.8074

Code size:
66.5 KB (68,096 bytes)

Scheduled Task
Task name:
GoogleUpdateTaskUser

Trigger:
Daily (Runs daily at 9:52 PM)

Description:
Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnera

