obupdat.exe

RAMDisk Image creation utility

Sparkus

The executable obupdat.exe, “RAMDisk Image creation utility (x86/x64)”, has been detected as malware by 4 anti-virus scanners.
Publisher:
QSoft [ Qualitative Software ]  (signed by Sparkus)

Product:
RAMDisk Image creation utility

Description:
RAMDisk Image creation utility (x86/x64)

Version:
5.3.2.14

MD5:
fbd90862fbc2afbf54109cd177a5c0e6

SHA-1:
db1cd63f43b11af1f268af11f7074c4490da8bd2

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
4/26/2024 5:55:17 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| ESET NOD32 | Win32/Tinba.AW | 8.10354 |
| Kaspersky | Trojan-Ransom.Win32.Foreign | 14.0.0.3312 |
| Malwarebytes | Trojan.Malware.CS | v2014.09.02.04 |
| Qihoo 360 Security | HEUR/Malware.QVM10.Gen | 1.0.0.1015 |

File size:
162.4 KB (166,328 bytes)

Product version:
5.3.2.14

Copyright:
Copyright (C) Qualitative Software

Original file name:
RAMDiskImage.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\obupdat.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/19/2014 2:00:00 AM

Valid to:
8/20/2015 1:59:59 AM

Subject:
CN=Sparkus, O=Sparkus, STREET="Ryazanskiy proezd, 26, 63", L=Moscow, S=Moscow, PostalCode=109428, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00CBBD5A5B6902ED2C162E2977D2011228

File PE Metadata
Compilation timestamp:
9/1/2014 3:58:17 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:9RvbNpaSKTSsakHic/bATiYFfjqsd8oXfhGskHRuUeNcWVM9B+LTlhaVRUd:9VWZ5akHi7bGufEskHgUeNcWVK+37T

Entry address:
0x49D2

Entry point:
E8, 1A, 76, 00, 00, E9, 89, FE, FF, FF, C7, 01, 50, 67, 41, 00, E9, 89, 77, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, 50, 67, 41, 00, E8, 76, 77, 00, 00, F6, 45, 08, 01, 74, 07, 56, E8, 42, E9, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 84, 77, 00, 00, C7, 06, 50, 67, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 83, EC, 10, EB, 0D, FF, 75, 08, E8, 34, 16, 00, 00, 59, 85, C0, 74, 0F, FF, 75, 08, E8, 8D, EE, FF, FF, 59, 85, C0, 74, E6, C9, C3, F6...
 

Code size:
80.5 KB (82,432 bytes)
