productupdt.exe

The application productupdt.exe has been detected as a potentially unwanted program by 12 of the 68 anti-malware scanners used in this analysis; most of the detections name the DealPly adware family. The analysis associates it with an Internet Explorer BHO (Browser Helper Object) registered under the name ‘Groove GFS Browser Helper’ (see Internet Explorer BHO below). It runs as a scheduled task under the Windows Task Scheduler, triggered daily at 3:48 p.m., and the program it belongs to registers a Control Panel uninstall entry named ‘Yahoo! Powered’.
MD5:
763f38fde243966878f14ac3a2c6052f

SHA-1:
32f1699bffc1556be55fb65ef34a2d72b71d543d

SHA-256:
b0f13e9a8bb2d28c4249e2274723f02aa58b7b2cc99472096099470e81df436d

Scanner detections:
12 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 5:09:32 PM UTC

Scan engine               Detection                             Engine version
AhnLab V3 Security        PUP/Win32.DealPly.C1755177            3.8.3.16
Avira AntiVirus           ADWARE/DealPly.tqjmy                  8.3.3.4
Fortinet FortiGate        Adware/DealPly                        2/14/2017
G Data                    Win32.Application.Agent.9LDBXP        17.2.25
K7 AntiVirus              Riskware                              13.251.22400
Kaspersky                 not-a-virus:AdWare.Win32.DealPly      14.0.0.-1166
McAfee                    PUP-FPD                               5600.6130
Panda Antivirus           Trj/GdSda.A                           17.02.14.04
Qihoo 360 Security        HEUR/QVM05.1.0000.Malware.Gen         1.0.0.1120
Reason Heuristics         PUP.Downloader.ICDP (L)               17.2.14.3
Trend Micro House Call    TROJ_GEN.R021C0EBB17                  7.2.45
Trend Micro               TROJ_GEN.R021C0EBB17                  10.465.14

File size:
2.2 MB (2,314,752 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
3/9/2014 8:50:20 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address (RVA):
0x1FA30C

Entry point:
55, 8B, EC, 83, C4, F0, B8, 3C, 26, 5F, 00, E8, F8, 3B, E1, FF, A1, DC, FD, 5F, 00, 8B, 00, E8, A0, 56, FB, FF, 8B, 0D, 24, FD, 5F, 00, A1, DC, FD, 5F, 00, 8B, 00, 8B, 15, C0, A4, 5B, 00, E8, A0, 56, FB, FF, A1, DC, FD, 5F, 00, 8B, 00, E8, F8, 57, FB, FF, E8, 8F, EC, E0, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C++ (compiler identification is heuristic; a linker version of 2.25 together with the entry-point prologue 55 8B EC 83 C4 F0 B8 shown above is characteristic of Borland Delphi/C++Builder output, so treat this attribution as unconfirmed)

Code size:
2 MB (2,068,480 bytes)
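The digests and PE header fields above are what a triage script recomputes first once a suspect file is in hand. The following is an added example written for this page (it is not code from the page or from the scanner vendor): using only Python's standard library it parses the MZ and PE headers, maps the entry RVA through the section table to read the entry-point bytes, compares the file's MD5/SHA-1/SHA-256 against the three values listed above, and applies a PEiD-style heuristic (Borland linker 2.25 plus the Delphi program prologue 55 8B EC 83 C4 F0 B8) as a compiler hint. Because the real file is not available offline, build_sample_pe() constructs a small synthetic PE32 whose header values are copied from this page; that synthetic file is not productupdt.exe and its hashes do not match.

```python
import hashlib
import struct
import sys
from datetime import datetime, timezone

# Digests listed on the page for productupdt.exe.
KNOWN_HASHES = {
    "md5": "763f38fde243966878f14ac3a2c6052f",
    "sha1": "32f1699bffc1556be55fb65ef34a2d72b71d543d",
    "sha256": "b0f13e9a8bb2d28c4249e2274723f02aa58b7b2cc99472096099470e81df436d",
}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
# PEiD/DIE-style heuristic: Delphi program prologue
# (push ebp; mov ebp,esp; add esp,-10h; mov eax,imm32) combined with Borland linker 2.25.
DELPHI_PROLOGUE = bytes.fromhex("558BEC83C4F0B8")


def file_hashes(data: bytes) -> dict:
    return {algo: hashlib.new(algo, data).hexdigest() for algo in KNOWN_HASHES}


def is_known_sample(data: bytes) -> bool:
    """True only when all three digests match the page's values."""
    return file_hashes(data) == KNOWN_HASHES


def compiler_hint(entry_bytes: bytes, linker: str) -> str:
    if entry_bytes.startswith(DELPHI_PROLOGUE) and linker == "2.25":
        return "Borland Delphi/C++Builder (heuristic)"
    return "undetermined"


def parse_pe_metadata(data: bytes) -> dict:
    """Read the fields the page lists straight from the COFF and optional headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _machine, nsections, timestamp, _, _, opt_size, _flags = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, major_link, minor_link, size_of_code = struct.unpack_from("<HBBI", data, opt)
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    # From offset 32 on, PE32 and PE32+ optional headers share one layout.
    major_os, minor_os = struct.unpack_from("<HH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)

    # Map the entry RVA to a file offset through the section table (40-byte entries).
    entry_bytes = b""
    for i in range(nsections):
        _name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            off = rawptr + (entry_rva - vaddr)
            entry_bytes = data[off:off + 16]
            break

    linker = f"{major_link}.{minor_link}"
    return {
        "compiled_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "os_version": f"{major_os}.{minor_os}",
        "bitness": {0x10B: "Win32", 0x20B: "Win64"}.get(magic, f"unknown magic {magic:#x}"),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "linker_version": linker,
        "entry_rva": entry_rva,
        "entry_bytes": ", ".join(f"{b:02X}" for b in entry_bytes),
        "code_size": size_of_code,
        "compiler_hint": compiler_hint(entry_bytes, linker),
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 whose header values copy this page's metadata.

    It is a synthetic stand-in, not productupdt.exe, so is_known_sample() is False for it.
    """
    entry_code = bytes.fromhex("558BEC83C4F0B83C265F00E8F83BE1FF")  # first 16 entry bytes from the page
    e_lfanew, opt_size, headers_size = 0x40, 0xE0, 0x400
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 1394355020, 0, 0, opt_size, 0x0102)  # i386, 1 section, 2014-03-09 08:50:20 UTC
    opt = bytearray(opt_size)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 2, 25, 2068480)  # PE32, linker 2.25, SizeOfCode
    struct.pack_into("<I", opt, 16, 0x1FA30C)                # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                # ImageBase
    struct.pack_into("<HH", opt, 40, 5, 0)                    # OS version 5.0
    struct.pack_into("<H", opt, 68, 2)                        # Subsystem: Windows GUI
    # One .text section laid out so the entry RVA lands 0x30C bytes into its raw data.
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1FA000, 0x400, headers_size, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + bytes(opt) + section).ljust(headers_size, b"\0")
    text = bytearray(0x400)
    text[0x30C:0x30C + len(entry_code)] = entry_code
    return headers + bytes(text)


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print("matches page hashes:", is_known_sample(data))
    for field, value in parse_pe_metadata(data).items():
        print(f"{field}: {value}")
```

Run it with a file path to triage a real sample, or with no argument to see the synthetic header decoded to the same values the page shows. Note that the page's compilation timestamp is the raw TimeDateStamp field, which a packer or build system can set arbitrarily, so it is a hint rather than evidence.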

Internet Explorer BHO
CLSID:
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}

CLSID name:
Groove GFS Browser Helper (this CLSID belongs to the Groove component of Microsoft Office and is present on many systems with Office installed; on its own it is not evidence of this program)


Program Uninstaller
Program name:
Yahoo! Powered

Uninstall string:
"C:\users\{user}\appdata\local\{426c7430-66c4-1888-0b5c-3d602f34c1f8}\uninstall.exe" \uninstall \s \noun \delselfdir


Scheduled Task
Task name:
{64557C04-238B-7B6D-B0DA-596B04825304}

Trigger:
Daily at 3:48 p.m.
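The BHO CLSID, the Control Panel uninstall entry and the scheduled task listed above are the host artifacts an incident responder would sweep for. The following is an added example (not code from the page or from the program it describes): it parses the text output of `reg query <key> /s` and of `schtasks /query /fo CSV /v` collected from a host, matches it against the indicators above, and weights the result: the DisplayName ‘Yahoo! Powered’, the {426c7430-66c4-1888-0b5c-3d602f34c1f8} folder GUID in the uninstall string and the {64557C04-238B-7B6D-B0DA-596B04825304} task name count as strong indicators, while the {72853161-30C5-4D22-B7F9-0BBC1D38A37E} CLSID is only corroborating because it is Microsoft Office's Groove GFS Browser Helper. The registry and task-list samples are constructed: the HKCU placement of the uninstall key, the username testuser, the host name WKSTN01, the task's command line and the Defrag row are assumptions the page does not supply, and the schtasks CSV is trimmed to a subset of the real columns.

```python
import csv
import io
import re

# Indicators taken from this page.
IOC_UNINSTALL_NAME = "Yahoo! Powered"
IOC_UNINSTALL_GUID = "{426c7430-66c4-1888-0b5c-3d602f34c1f8}"
IOC_TASK_NAME = "{64557C04-238B-7B6D-B0DA-596B04825304}"
# Weak indicator: this CLSID is Microsoft Office's Groove GFS Browser Helper and
# is present on many hosts with Office installed, with or without this program.
IOC_BHO_CLSID = "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"

# Constructed sample of `reg query <key> /s` text output. The HKCU placement of the
# uninstall key, the username "testuser" and the NoExplorer value are assumptions.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
    (Default)    REG_SZ    Groove GFS Browser Helper
    NoExplorer    REG_DWORD    0x1

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{426c7430-66c4-1888-0b5c-3d602f34c1f8}
    DisplayName    REG_SZ    Yahoo! Powered
    UninstallString    REG_SZ    "C:\users\testuser\appdata\local\{426c7430-66c4-1888-0b5c-3d602f34c1f8}\uninstall.exe" \uninstall \s \noun \delselfdir
"""
# The same host with only the Office BHO present (first key block only).
CLEAN_REG_QUERY = SAMPLE_REG_QUERY.split("\n\n")[0]

# Constructed, trimmed `schtasks /query /fo CSV /v` output (a subset of the real
# columns). Host name, the task's command line and the Defrag row are assumptions;
# the page does not list what the task runs.
SAMPLE_SCHTASKS_CSV = r'''"HostName","TaskName","Task To Run","Schedule Type","Start Time"
"WKSTN01","\{64557C04-238B-7B6D-B0DA-596B04825304}","C:\Users\testuser\AppData\Local\{426c7430-66c4-1888-0b5c-3d602f34c1f8}\productupdt.exe","Daily","3:48:00 PM"
"WKSTN01","\Microsoft\Windows\Defrag\ScheduledDefrag","%windir%\system32\defrag.exe -c","Weekly","1:00:00 AM"
'''
# Header plus the Defrag row only.
CLEAN_SCHTASKS_CSV = "\n".join(SAMPLE_SCHTASKS_CSV.splitlines()[::2]) + "\n"


def parse_reg_query(text: str) -> dict:
    """Turn `reg query /s` output into {key_path: {value_name: (type, data)}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = line.strip()
            keys[current] = {}
        elif line.strip() and current is not None:
            parts = re.split(r"\s{2,}", line.strip(), maxsplit=2)  # name, type, data
            if len(parts) == 3:
                keys[current][parts[0]] = (parts[1], parts[2])
    return keys


def find_indicators(reg_text: str, schtasks_csv: str) -> list:
    """Return (weight, artifact, detail) for every indicator present in the collected output."""
    hits = []
    for key, values in parse_reg_query(reg_text).items():
        low = key.lower()
        if "browser helper objects" in low and low.endswith(IOC_BHO_CLSID.lower()):
            hits.append(("weak", "bho", key))
        if values.get("DisplayName", ("", ""))[1] == IOC_UNINSTALL_NAME:
            hits.append(("strong", "uninstall_name", key))
        uninstall = values.get("UninstallString", ("", ""))[1]
        if IOC_UNINSTALL_GUID.lower() in uninstall.lower():
            hits.append(("strong", "uninstall_guid", uninstall))
    for row in csv.DictReader(io.StringIO(schtasks_csv)):
        if row["TaskName"].lstrip("\\").lower() == IOC_TASK_NAME.lower():
            hits.append(("strong", "task", row["Task To Run"]))
    return hits


def assess(reg_text: str, schtasks_csv: str) -> tuple:
    """Verdict plus hits; the Office BHO alone never yields 'likely present'."""
    hits = find_indicators(reg_text, schtasks_csv)
    if any(weight == "strong" for weight, _, _ in hits):
        return "likely present", hits
    return ("inconclusive" if hits else "not found"), hits


if __name__ == "__main__":
    for label, reg, tasks in (("infected host", SAMPLE_REG_QUERY, SAMPLE_SCHTASKS_CSV),
                              ("clean host", CLEAN_REG_QUERY, CLEAN_SCHTASKS_CSV)):
        verdict, hits = assess(reg, tasks)
        print(f"{label}: {verdict}")
        for weight, artifact, detail in hits:
            print(f"  [{weight}] {artifact}: {detail}")
```

Collect the inputs on the suspect host with `reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects /s`, `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall /s` (and the HKLM equivalent) and `schtasks /query /fo CSV /v`, then feed the saved text to assess(). The weighting is the point: a sweep that fires on the Groove CLSID alone will flag every Office workstation.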


The executing file has been seen to make the following network communications in live environments. The host names are reverse-DNS (PTR) names of the observed IP addresses, not the names the sample requested, and every HTTP destination is a shared Amazon EC2, S3 or CloudFront address, so blocking them by IP would also affect unrelated services; the requested host names and URLs (not listed here) are the more useful indicators. The single HTTPS destination is a Mozilla GeoIP lookup service, which may reflect browser activity in the analysis environment rather than the sample itself.

Protocol          Remote host                                      Address
TCP (HTTP)        ec2-107-20-201-65.compute-1.amazonaws.com        107.20.201.65:80
TCP (HTTP)        s3-1-w.amazonaws.com                             54.231.121.27:80
TCP (HTTP)        ec2-23-21-246-202.compute-1.amazonaws.com        23.21.246.202:80
TCP (HTTP)        ec2-54-225-212-5.compute-1.amazonaws.com         54.225.212.5:80
TCP (HTTPS)       geoip-zlb.vips.scl3.mozilla.com                  63.245.215.82:443
TCP (HTTP)        ec2-184-73-154-217.compute-1.amazonaws.com       184.73.154.217:80
TCP (HTTP)        ec2-54-83-207-70.compute-1.amazonaws.com         54.83.207.70:80
TCP (HTTP)        ec2-23-23-166-158.compute-1.amazonaws.com        23.23.166.158:80
TCP (HTTP)        ec2-23-21-246-179.compute-1.amazonaws.com        23.21.246.179:80
TCP (HTTP)        server-54-230-149-47.sin2.r.cloudfront.net       54.230.149.47:80
TCP (HTTP)        server-54-192-59-107.gru1.r.cloudfront.net       54.192.59.107:80
TCP (HTTP)        server-52-85-221-162.cdg50.r.cloudfront.net      52.85.221.162:80
TCP (HTTP)        server-52-85-167-239.gig50.r.cloudfront.net      52.85.167.239:80
TCP (HTTP)        server-52-85-133-145.iad53.r.cloudfront.net      52.85.133.145:80
TCP (HTTP)        server-52-84-174-187.gru50.r.cloudfront.net      52.84.174.187:80
TCP (HTTP)        server-52-84-174-103.gru50.r.cloudfront.net      52.84.174.103:80
TCP (HTTP)        ec2-54-243-162-184.compute-1.amazonaws.com       54.243.162.184:80
TCP (HTTP)        ec2-23-23-110-40.compute-1.amazonaws.com         23.23.110.40:80
TCP (HTTP)        ec2-23-21-200-178.compute-1.amazonaws.com        23.21.200.178:80
TCP (HTTP)        ec2-184-73-230-77.compute-1.amazonaws.com        184.73.230.77:80

Analysis provided by Reason Core Security.