nse761b.tmp.exe

Update Platform Application

Beijing Zhihuimen Techology co,.Ltd

The application nse761b.tmp.exe by Beijing Zhihuimen Techology co,.Ltd has been detected as a potentially unwanted program by 3 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. This is the uninstaller utility registered in the Windows Control Panel for the program Tools Update Platform by Beijing Zhihuimen Techology co,.Ltd. This file is typically installed with the program Tools Update Platform by Beijing Zhihuimen Techology co,.Ltd.
Publisher:
Beijing Zhihuimen Techology co,.Ltd  (signed and verified)

Product:
Update Platform Application

Version:
1.2.0.27

MD5:
5e19f560eaac49ec518f8a8f1e644275

SHA-1:
c5e9771e6f70f144210334cd8700942f98e614d9

SHA-256:
ac59fb59bbd17c0dbed4a9b2ad12865e8a6c2e77ec88a6f426f8be676c650cbc

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
4/30/2024 1:33:16 AM UTC

Scan engine          Detection                                            Engine version
Dr.Web               Adware.TopTools.1                                    9.0.1.05190
ESET NOD32           Win32/Toptools.A potentially unwanted application    7.0.302.0
Reason Heuristics    Adware.Toptools (M)                                  16.6.16.18

File size:
619.7 KB (634,616 bytes)

Product version:
1.2.0.27

Copyright:
Copyright (C) 2015

Original file name:
UpdatePlatform.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\nse761b.tmp.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/20/2015 7:00:00 AM

Valid to:
3/20/2016 6:59:59 AM

Subject:
CN="Beijing Zhihuimen Techology co,.Ltd", OU=Dev, O="Beijing Zhihuimen Techology co,.Ltd", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3CD09515CC4DCE7B71D57D559E0AF51C

File PE Metadata
Compilation timestamp:
8/18/2015 12:39:44 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:tE9+y1OFh1mqq9w8EsQLIO/QAw/+kIS33JE89FZEl/R6+vbNMreWYbrEJM8:tY1OFh1lqa8ENkIoJE89oX6+2reWYbr8

Entry address:
0x5472A

Entry point:
E8, 9C, E3, 00, 00, E9, 79, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 80, F9, 40, 73, 15, 80, F9, 20, 73, 06, 0F, A5, C2, D3, E0, C3, 8B, D0, 33, C0, 80, E1, 1F, D3, E2, C3, 33, C0, 33, D2, C3, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 00, 01, 00, 00, 72, 0E, 83, 3D, E4, D3, 48, 00, 00, 74, 05, E9, 2C, E4, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1...
Entropy:
6.4309

Code size:
457.5 KB (468,480 bytes)

Program Uninstaller
Program name:
Tools Update Platform

Display publisher:
Beijing Zhihuimen Techology co,.Ltd

Display version:
1.2.0.27

Uninstall string:
C:\Program Files (x86)\ToolsUpdatePlatform\UpdatePlatform.exe Uninstall Force
Scheduled Task
Task name:
ToolsUpdatePlatform_ScheduledTask

Trigger:
Logon (Runs on logon)

Description:
Tools update check when system start.
Windows Firewall Allowed Program
Name:
C:\Program Files\ToolsUpdatePlatform\UpdatePlatform.exe
The file nse761b.tmp.exe has been discovered within the following programs.

Tools Update Platform  by Beijing Zhihuimen Techology co,.Ltd
About 6% of users remove it
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-52-55-156-20.compute-1.amazonaws.com  (52.55.156.20:80)

TCP (HTTP):
Connects to ec2-107-23-145-180.compute-1.amazonaws.com  (107.23.145.180:80)

TCP (HTTP):
Connects to ec2-52-202-118-125.compute-1.amazonaws.com  (52.202.118.125:80)

TCP (HTTP):
Connects to a104-88-123-147.deploy.static.akamaitechnologies.com  (104.88.123.147:80)

TCP (HTTP):
Connects to ec2-52-205-194-174.compute-1.amazonaws.com  (52.205.194.174:80)

TCP (HTTP):
Connects to ec2-52-200-155-121.compute-1.amazonaws.com  (52.200.155.121:80)

TCP (HTTP):
Connects to a23-50-198-184.deploy.static.akamaitechnologies.com  (23.50.198.184:80)

TCP (HTTP):
Connects to ec2-34-200-202-177.compute-1.amazonaws.com  (34.200.202.177:80)

TCP (HTTP):
Connects to ec2-52-205-101-0.compute-1.amazonaws.com  (52.205.101.0:80)

TCP (HTTP):
Connects to ec2-34-192-86-237.compute-1.amazonaws.com  (34.192.86.237:80)

TCP (HTTP):
Connects to ec2-34-192-147-223.compute-1.amazonaws.com  (34.192.147.223:80)

TCP (HTTP):
Connects to ec2-54-165-188-245.compute-1.amazonaws.com  (54.165.188.245:80)

TCP (HTTP):
Connects to a104-108-56-152.deploy.static.akamaitechnologies.com  (104.108.56.152:80)