» LiveUpdate.exe
Overview
Analysis
File Details
Programs (1)
Network (1)

LiveUpdate.exe

LiveUpdate

Wuhan Jiduo Information Technology Co.,Ltd.

The application LiveUpdate.exe by Wuhan Jiduo Information Technology Co.,Ltd has been detected as a potentially unwanted program by 5 anti-malware scanners. This file is typically installed with the program Driver Genius Professional Edition by Driver-Soft Inc. which is a potentially unwanted software program. While running, it connects to the Internet address f8.a9.e443.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.

File name:

LiveUpdate.exe

Publisher:

Driver-Soft Inc. (signed by Wuhan Jiduo Information Technology Co.,Ltd.)

Product:

LiveUpdate

Version:

9.00.0190

MD5:

99bfea775ff7d01b887ab77f70dbb69d

SHA-1:

1667b6ee8b8fa0953ba98ca1ac693650903c982a

SHA-256:

d2000009bc76137f27d0b0a954f6aed502d64bb9f771fe57e83b12e35cfd16a4

Scanner detections:

5 / 68

Status:

Potentially unwanted

Analysis date:

4/18/2024 11:06:39 AM UTC (today)

Scan engine

Detection

Engine version

Boost by Reason

Optional.WuhanJiduoInformationTechnologyCoLtd.K

188838

Comodo Security

Heur.Suspicious

16550

Reason Heuristics

PUP.Optional.WuhanJiduoInformationTechnologyCoLtd.K

14.8.1.0

Rising Antivirus

Trojan.Win32.Generic.12CBB584

23.00.65.131223

Vba32 AntiVirus

Backdoor.Win32.Hupigon.jnxe

3.12.12.1

File size:

511.6 KB (523,856 bytes)

Product version:

9.00.0190

Original file name:

LiveUpdate.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\liveupdate.exe

Digital Signature

Signed by:

Wuhan Jiduo Information Technology Co.,Ltd.

Authority:

WoSign, Inc.

Valid from:

5/22/2008 2:00:00 AM

Valid to:

5/23/2010 1:59:59 AM

Subject:

CN=Driver-Soft.com, OU=Class 3 - for Microsoft Authenticode Signing, O="Wuhan Jiduo Information Technology Co.,Ltd.", L=Wuhan, S=Hubei, C=CN

Issuer:

CN=WoSign Code Signing Authority, O="WoSign, Inc.", C=US

Serial number:

79E59F0AC0FF47090A57C16B38B1BD

File PE Metadata

Compilation timestamp:

4/21/2010 6:43:05 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:/onyGkA9K/lGRgOUqmq9kR6lhKX0xFNk2p6eYRD3y:OkYK/cRgOnmq9g6b36eYk

Entry address:

0x1000

Entry point:

68, 01, 80, 45, 00, E8, 01, 00, 00, 00, C3, C3, B2, 0C, FB, 00, 99, D1, D0, 5B, C7, 33, DD, 19, FE, 3B, B0, 24, BC, 90, 34, 5C, 55, DE, 51, 8E, 75, 6D, 31, D2, 0F, C7, F6, E7, CE, F6, B7, CF, BD, E9, 38, AA, 58, 70, 02, 7F, 88, 5F, 2F, 2D, FE, 31, 78, 94, 2E, D8, D8, 96, A1, 9E, AC, 53, 8F, 8E, B6, 6D, 64, 71, A8, DC, 55, A1, 06, 55, C1, 71, 23, B6, 6A, 9E, D2, 18, 1A, 6B, 28, 40, 8A, 9E, C5, 6B, B7, 8F, EC, 39, C3, 17, 8B, E3, 64, E9, AC, 7D, B6, CF, A7, B1, CA, 4B, E1, 06, CE, D8, A7, 4E, F4, 09, AC, 59... 
[+]

Packer / compiler:

ASProtect v1.2x (New Strain)

Code size:

312 KB (319,488 bytes)

The file LiveUpdate.exe has been discovered within the following program.

Driver Genius Professional Edition by Driver-Soft Inc.

This is an application designed to check the computer's installed drivers against a database of available drivers for a number of software and device hardware applications.

www.driver-soft.com

65% remove it

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to f8.a9.e443.ip4.static.sl-reverse.com (67.228.169.248:80)

Remove LiveUpdate.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.