» produpd.exe
Overview
Analysis
File Details
Network (34)

produpd.exe

Vested Development, Inc

The application produpd.exe has been detected as a potentially unwanted program by 22 anti-malware scanners. While running, it connects to the Internet address whois.rrpproxy.net on port 43.

File name:

produpd.exe

Publisher:

Vested Development, Inc

Product:

produpd.exe

Version:

2.2.1.23

MD5:

ffe097ce6f629f5cc6c660b8b1561c03

SHA-1:

17ab6a2969a68be0f3f900cb1ac822d48365f75a

SHA-256:

c4e8bac17943b8e812dadb1d831d5ac9dc0baab6d4389cc81c746b9a05db7dea

Scanner detections:

22 / 68

Status:

Potentially unwanted

Analysis date:

4/25/2024 4:22:45 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Zusy.214304

-16

AhnLab V3 Security

Trojan/Win32.Glupteba.C1592487

3.8.3.16

Avira AntiVirus

TR/ATRAPS.napoz

8.3.3.4

Arcabit

Trojan.Zusy.D34520

1.0.0.795

avast!

Win32:Malware-gen

2014.9-170220

AVG

Atros5

2018.0.2462

Baidu Antivirus

Win32.Trojan.WisdomEyes.16070401.9500

4.0.3.17220

Bitdefender

Gen:Variant.Zusy.214304

1.0.20.255

Emsisoft Anti-Malware

Gen:Variant.Zusy.214304

8.17.02.20.01

ESET NOD32

Win32/Glupteba.AU (variant)

11.14963

F-Secure

Gen:Variant.Zusy.214304

11.2017-20-02_2

G Data

Gen:Variant.Zusy.214304

17.2.25

IKARUS anti.virus

Trojan.Win32.Glupteba

0.1.3.4

Kaspersky

HEUR:Trojan.Win32.Generic

14.0.0.-1195

Malwarebytes

PUP.Optional.ProductUpdater

v2017.02.20.01

McAfee

Trojan-FLGP!FFE097CE6F62

5600.6118

MicroWorld eScan

Gen:Variant.Zusy.214304

18.0.0.153

NANO AntiVirus

Trojan.Win32.Glupteba.elosrp

1.0.70.15190

Panda Antivirus

Trj/GdSda.A

17.02.20.01

Qihoo 360 Security

HEUR/QVM10.1.0000.Malware.Gen

1.0.0.1120

Rising Antivirus

Malware.Generic.5!tfe (thunder:5:NThWKYq1RvK)

23.00.65.17218

VIPRE Antivirus

Trojan.Win32.Generic

56096

File size:

511.5 KB (523,776 bytes)

Product version:

2.2.0.2

Original file name:

produpd.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\roaming\vdi\shared\product updater\produpd.exe

File PE Metadata

Compilation timestamp:

2/20/2017 7:01:06 AM

OS version:

6.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

14.0

Entry address:

0x1DC21

Entry point:

E8, F5, 09, 00, 00, E9, 8E, FE, FF, FF, FF, 25, 84, 72, 45, 00, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, F2, C3, 8B, 4D, F0, 33, CD, F2, E8, 6E, F8, FF, FF, F2, E9, DA, FF, FF, FF, 8B, 4D, EC, 33, CD, F2, E8, 5D, F8, FF, FF, F2, E9, C9, FF, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 78, 20, 47, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, F2, C3, 50, 64, FF, 35, 00... 
[+]

Code size:

340.5 KB (348,672 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP:

Connects to smtp.spmode.ne.jp (49.102.153.228:465)

TCP (HTTP SSL):

Connects to server-54-230-97-81.arn1.r.cloudfront.net (54.230.97.81:443)

TCP (HTTP SSL):

Connects to server-52-85-242-124.arn1.r.cloudfront.net (52.85.242.124:443)

TCP (HTTP):

Connects to instagram-p3-shv-01-frt3.fbcdn.net (31.13.92.51:80)

TCP (HTTP SSL):

Connects to rajf3-1.i.mail.ru (217.69.142.140:443)

TCP (HTTP):

Connects to g1.formy.net (195.191.248.36:80)

TCP (HTTP SSL):

Connects to c.mail.ru (94.100.180.63:443)

TCP (SMTP):

Connects to al-ip4-mx-vip1.prodigy.net (144.160.235.143:25)

TCP (HTTP SSL):

Connects to a23-223-42-213.deploy.static.akamaitechnologies.com (23.223.42.213:443)

TCP (HTTP SSL):

Connects to a23-218-48-71.deploy.static.akamaitechnologies.com (23.218.48.71:443)

TCP (HTTP SSL):

Connects to a104-122-243-148.deploy.static.akamaitechnologies.com (104.122.243.148:443)

TCP (HTTP):

Connects to 94.ip-92-222-35.eu (92.222.35.94:80)

TCP (WHOIS):

Connects to whois.rrpproxy.net (109.234.109.37:43)

TCP (HTTP):

Connects to softether12.cc.tsukuba.ac.jp (130.158.75.44:80)

TCP (HTTP):

Connects to l2top.ru (91.121.37.31:80)

TCP:

Connects to dedic915.hidehost.net (178.159.37.63:8000)

TCP (HTTP SSL):

Connects to a104-86-244-49.deploy.static.akamaitechnologies.com (104.86.244.49:443)

TCP (HTTP SSL):

Connects to yandex.ru (5.255.255.60:443)

TCP (HTTP):

Connects to showip.net (23.253.100.206:80)

TCP (HTTP SSL):

Connects to shitmail.me (212.47.251.143:443)

Remove produpd.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.