home

IRXUpd.exe

IRXChecker

Ginocar Producoes S.A.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘IRX Updater’.
Publisher:
GinoInformações, Publicações Lda  (signed by Ginocar Producoes S.A.)

Product:
IRXChecker

Version:
2010.12.0011

MD5:
862df1048b41e40d84bd2c39fcc254d2

SHA-1:
281c24807aa37a6a34eb640830e256852a710e7b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 5:53:50 AM UTC  (today)

File size:
185.3 KB (189,792 bytes)

Product version:
2010.12.0011

Original file name:
IRXUpd.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:
Ginocar Producoes S.A.

Authority:
GoDaddy.com, Inc.

Valid from:
9/26/2011 5:05:29 PM

Valid to:
11/16/2013 4:12:41 PM

Subject:
CN=Ginocar Producoes S.A., O=Ginocar Producoes S.A., L=Porto, S=Porto, C=PT

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4EE99C35AB209B

File PE Metadata
Compilation timestamp:
2/28/2013 12:07:14 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:m745rHx6B5nZPlTkVaERrzTf3FxcThJz85dL1ALs3VnWdRFlH7jg3WRrzTCbC:m7H5nZP5kwE7x0Jz851FVneRFpQ2

Entry address:
0x2288

Entry point:
68, 10, 24, 40, 00, E8, EE, FF, FF, FF, 00, 00, 70, 00, 00, 00, 30, 00, 00, 00, 68, 00, 00, 00, 40, 00, 00, 00, 9E, 8B, DC, 7D, AF, 8D, BB, 40, A8, 5D, B6, A8, 4B, C5, C3, AC, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 75, 66, 66, 65, 72, 2E, 49, 52, 58, 43, 68, 65, 63, 6B, 65, 72, 00, 72, 73, 69, 6F, 6E, 41, 63, 74, 75, 61, 6C, 69, 7A, 61, E7, E3, 6F, 20, 61, 75, 74, 6F, 6D, 61, 74, 69, 63, 61, 20, 64, 6F, 20, 70, 72, 6F, 6A, 65, 63, 74, 6F, 20, 49, 52, 58, 00, 00, 63, 74, 56, 65, 72, 73, 69, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
140 KB (143,360 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
IRX Updater

Command:
"C:\programas\irx\irxupd.exe" \checkonly


Scan IRXUpd.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.