» produpd.exe
Overview
Analysis
File Details
Network (28)

produpd.exe

Vested Development, Inc

The executable produpd.exe has been detected as malware by 1 anti-virus scanner. While running, it connects to the Internet address e.mail.ru on port 443.

File name:

produpd.exe

Publisher:

Vested Development, Inc

Product:

produpd.exe

Version:

2.2.1.23

MD5:

9693ed346b0a9af7649b1edfd558a7c3

SHA-1:

0ba6a1d1e1c4d3ac41207de248ee5513c81fbee8

SHA-256:

d01d3bafa62b142af1e081b8af7f79eb8de31268ad382be56f21271e17c628dd

Scanner detections:

1 / 68

Status:

Malware

Analysis date:

6/17/2024 4:25:00 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Trojan.Glupteba

17.2.16.8

File size:

523 KB (535,552 bytes)

Product version:

2.2.0.2

Original file name:

produpd.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\roaming\vdi\shared\product updater\produpd.exe

File PE Metadata

Compilation timestamp:

2/3/2017 1:11:04 PM

OS version:

6.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

14.0

Entry address:

0x544CE

Entry point:

99, 86, F4, 21, FA, B0, E8, F6, D6, 90, BA, FD, 54, 18, 5F, 86, E2, 4A, B9, 66, 4E, 00, 00, 8B, C3, F6, D2, FE, CE, F7, D2, E9, 82, 00, 00, 00, 00, E1, 6C, 54, 18, 04, E4, CF, 13, 02, BF, 5C, A1, 77, 10, 7B, 00, 00, 6D, 04, 69, 00, 33, 14, FB, 33, 00, 44, 85, 8B, 70, 18, 6F, EE, D7, 00, EC, DF, F1, 5E, 00, E9, 4A, 00, 21, F0, 49, EB, 21, 00, 00, 00, 9D, F8, 78, EE, 00, 00, 85, 00, 1E, 1E, E2, 72, 00, 99, 78, 56, 63, 2A, 32, 96, 00, A3, 00, 1B, 3D, B4, 75, 00, 7A, 00, F6, D6, F7, D2, BA, 4B, C3, 95, 68, 8D... 
[+]

Entropy:

6.6471

Code size:

333.5 KB (341,504 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP:

Connects to k016.khaki.myloc.de (93.186.196.16:8000)

TCP (HTTP SSL):

Connects to yandex.ru (5.255.255.60:443)

TCP:

Connects to ip-static-94-242-254-135.server.lu (94.242.254.135:8000)

TCP (HTTP):

Connects to www.gratka.pl (195.8.99.1:80)

TCP:

Connects to icebergcone.com (91.142.85.224:8000)

TCP (HTTP):

Connects to l2top.ru (91.121.37.31:80)

TCP (HTTP SSL):

Connects to e.mail.ru (94.100.180.215:443)

TCP (WHOIS):

Connects to whois.ripe.net (193.0.6.135:43)

TCP (WHOIS):

Connects to whois.arin.net (199.5.26.46:43)

TCP (HTTP SSL):

Connects to ec2-52-34-28-127.us-west-2.compute.amazonaws.com (52.34.28.127:443)

TCP (HTTP SSL):

Connects to a95-101-248-45.deploy.akamaitechnologies.com (95.101.248.45:443)

TCP (WHOIS):

Connects to whois.publicinterestregistry.net (199.15.84.131:43)

TCP (WHOIS):

Connects to whois.nic.cz (217.31.205.42:43)

TCP (WHOIS):

Connects to whois.localnet (213.248.242.41:43)

TCP (WHOIS):

Connects to whois.domain-registry.nl (94.198.154.138:43)

TCP (WHOIS):

Connects to registro.lacnic.net (200.3.14.10:43)

TCP (WHOIS):

Connects to registro.br (200.160.2.3:43)

TCP (WHOIS):

Connects to nb-185-3-93-80.london.nodebalancer.linode.com (185.3.93.80:43)

TCP (HTTP):

Connects to ip230.ip-5-135-168.eu (5.135.168.230:80)

TCP:

Connects to interviewder.net (91.203.5.26:8000)

Remove produpd.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.