home

pro_upg.exe

WinAutomation Job

Created with WinAutomation (http://www.WinAutomation.com)

The application pro_upg.exe has been detected as a potentially unwanted program by 27 anti-malware scanners. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. While running, it connects to the Internet address p3nlhg304c1304.shr.prod.phx3.secureserver.net on port 80 using the HTTP protocol.
Publisher:
Created with WinAutomation (http://www.WinAutomation.com)

Product:
WinAutomation Job

Version:
3.1.5.637

MD5:
a5ed1574702cca6e4024b37d6c68739c

SHA-1:
b0b0b79cfb8cf905747b033471111058f97eafb9

SHA-256:
cb25a1f635aeff190711ceb99d58ed05e13798a68dcfe61d799f61884d7afb3e

Scanner detections:
27 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/25/2024 9:27:31 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.16166511
302

AegisLab AV Signature
Troj.FakeSkype.lK5R
2.1.4+

Arcabit
Trojan.Generic.DF6AE6F
1.0.0.666

avast!
Win32:Malware-gen
2014.9-160407

AVG
PSW.MSIL
2017.0.2780

Bitdefender
Trojan.Generic.16166511
1.0.20.490

Comodo Security
UnclassifiedMalware
24754

Dr.Web
Trojan.DownLoader19.38097
9.0.1.098

Emsisoft Anti-Malware
Trojan.Generic.16166511
8.16.04.07.08

ESET NOD32
MSIL/Spy.Agent.AKI (variant)
10.13298

Fortinet FortiGate
W32/Agent.ABRSJ!tr
4/7/2016

F-Secure
Trojan.Generic.16166511
11.2016-07-04_5

G Data
Trojan.Generic.16166511
16.4.25

IKARUS anti.virus
PUA.InstallCore
t3scan.2.0.9.0

K7 AntiVirus
Spyware
13.221.19244

Kaspersky
Trojan.MSIL.Agent
14.0.0.396

McAfee
Artemis!A5ED1574702C
5600.6436

Microsoft Security Essentials
TrojanSpy:Win32/Skeeyah.A!rfn
1.1.12603.0

MicroWorld eScan
Trojan.Generic.16166511
17.0.0.294

NANO AntiVirus
Trojan.Win32.DownLoader19.ebcgje
1.0.18.7201

nProtect
Trojan.Generic.16166511
16.04.07.01

Panda Antivirus
Trj/GdSda.A
16.04.07.08

Qihoo 360 Security
HEUR/QVM03.0.Malware.Gen
1.0.0.1120

Rising Antivirus
PE:Malware.Generic/QRS!1.9E2D [F]
23.00.65.16405

Sophos
Mal/Generic-S
4.98

Trend Micro
TROJ_GEN.R031C0DCS16
10.465.07

VIPRE Antivirus
Trojan.Win32.Generic
48452

File size:
2.4 MB (2,564,096 bytes)

Product version:
3.1.5.637

Copyright:
Copyright © Softomotive Ltd 2005-2011

Original file name:
tmp4DDF.tmp

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\microsoft\windows\start menu\programs\startup\pro_upg.exe

File PE Metadata
Compilation timestamp:
3/19/2016 10:39:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:qZK3HLJuhEr1b+T3yA1lcAbbW2SQz9nIDtm9B3YCjsil1z9mVfuVJFg5oK7:EiMR9nIhU1cRuVJFgCK7

Entry address:
0x26207E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.7878

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.4 MB (2,494,464 bytes)

User Start Menu Item
Name:
Pro_upg.exe


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to p3nlhg304c1304.shr.prod.phx3.secureserver.net  (50.63.38.1:80)

Remove pro_upg.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.