produpd.exe

Vested Development, Inc

The application produpd.exe has been detected as a potentially unwanted program by 31 anti-malware scanners. While running, it connects to the Internet address whois.rrpproxy.net on port 43.
Publisher:
Vested Development, Inc

Product:
produpd.exe

Version:
2.2.1.23

MD5:
ffe097ce6f629f5cc6c660b8b1561c03

SHA-1:
17ab6a2969a68be0f3f900cb1ac822d48365f75a

SHA-256:
c4e8bac17943b8e812dadb1d831d5ac9dc0baab6d4389cc81c746b9a05db7dea

Scanner detections:
31 / 68

Status:
Potentially unwanted

Analysis date:
2/20/2017 6:41:05 AM UTC  (nine months ago)

Scan engine             Detection                                        Engine version

Lavasoft Ad-Aware       Gen:Variant.Zusy.214304                          -16
AhnLab V3 Security      Trojan/Win32.Glupteba.C1592487                   3.8.3.16
Avira AntiVirus         TR/ATRAPS.napoz                                  8.3.3.4
Antiy Labs AVL          Trojan/Win32.AGeneric                            1.0.0.1
Arcabit                 Trojan.Zusy.D34520                               1.0.0.795
avast!                  Win32:Malware-gen                                2014.9-170220
AVG                     Atros5                                           2018.0.2462
Baidu Antivirus         Win32.Trojan.WisdomEyes.16070401.9500            4.0.3.17220
Bitdefender             Gen:Variant.Zusy.214304                          1.0.20.255
CrowdStrike             malicious_confidence_89% (D)                     1.0
Emsisoft Anti-Malware   Gen:Variant.Zusy.214304                          8.17.02.20.01
Endgame                 malicious (moderate confidence)                  0.1.0
ESET NOD32              Win32/Glupteba.AU (variant)                      11.14963
F-Secure                Gen:Variant.Zusy.214304                          11.2017-20-02_2
G Data                  Gen:Variant.Zusy.214304                          17.2.25
IKARUS anti.virus       Trojan.Win32.Glupteba                            0.1.3.4
Invincea                virus.win32.sality.at                            6.2.2.24419
Jiangmin                Trojan.Generic.askoq                             KV170220
K7 Gateway Antivirus    Trojan                                           13.10.1.22469
Kaspersky               HEUR:Trojan.Win32.Generic                        14.0.0.-1195
Malwarebytes            PUP.Optional.ProductUpdater                      v2017.02.20.01
McAfee                  Trojan-FLGP!FFE097CE6F62                         5600.6118
McAfee Web Gateway      BehavesLike.Win32.AdwareConvertAd.hh             7.6118
MicroWorld eScan        Gen:Variant.Zusy.214304                          18.0.0.153
NANO AntiVirus          Trojan.Win32.Glupteba.elosrp                     1.0.70.15190
Panda Antivirus         Trj/GdSda.A                                      17.02.20.01
Qihoo 360 Security      HEUR/QVM10.1.0000.Malware.Gen                    1.0.0.1120
Rising Antivirus        Malware.Generic.5!tfe (thunder:5:NThWKYq1RvK)    23.00.65.17218
VIPRE Antivirus         Trojan.Win32.Generic                             56096
Webroot                 Malicious                                        1.0.0.207
Yandex                  Trojan.Agent!HY8oNgvzayw                         5.5.1.3

File size:
511.5 KB (523,776 bytes)

Product version:
2.2.0.2

Copyright:
Copyright © 2016

Original file name:
produpd.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\vdi\shared\product updater\produpd.exe

File PE Metadata
Compilation timestamp:
2/20/2017 7:01:06 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x1DC21

Entry point:
E8, F5, 09, 00, 00, E9, 8E, FE, FF, FF, FF, 25, 84, 72, 45, 00, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, F2, C3, 8B, 4D, F0, 33, CD, F2, E8, 6E, F8, FF, FF, F2, E9, DA, FF, FF, FF, 8B, 4D, EC, 33, CD, F2, E8, 5D, F8, FF, FF, F2, E9, C9, FF, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 78, 20, 47, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, F2, C3, 50, 64, FF, 35, 00...

Code size:
340.5 KB (348,672 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to smtp.spmode.ne.jp  (49.102.153.228:465)

TCP (HTTP SSL):
Connects to server-54-230-97-81.arn1.r.cloudfront.net  (54.230.97.81:443)

TCP (HTTP SSL):
Connects to server-52-85-242-124.arn1.r.cloudfront.net  (52.85.242.124:443)

TCP (HTTP):
Connects to instagram-p3-shv-01-frt3.fbcdn.net  (31.13.92.51:80)

TCP (HTTP SSL):
Connects to rajf3-1.i.mail.ru  (217.69.142.140:443)

TCP (HTTP):
Connects to g1.formy.net  (195.191.248.36:80)

TCP (HTTP SSL):
Connects to c.mail.ru  (94.100.180.63:443)

TCP (SMTP):
Connects to al-ip4-mx-vip1.prodigy.net  (144.160.235.143:25)

TCP (HTTP SSL):
Connects to a23-223-42-213.deploy.static.akamaitechnologies.com  (23.223.42.213:443)

TCP (HTTP SSL):
Connects to a23-218-48-71.deploy.static.akamaitechnologies.com  (23.218.48.71:443)

TCP (HTTP SSL):
Connects to a104-122-243-148.deploy.static.akamaitechnologies.com  (104.122.243.148:443)

TCP (HTTP):
Connects to 94.ip-92-222-35.eu  (92.222.35.94:80)

TCP (WHOIS):
Connects to whois.rrpproxy.net  (109.234.109.37:43)

TCP (HTTP):
Connects to softether12.cc.tsukuba.ac.jp  (130.158.75.44:80)

TCP (HTTP):
Connects to l2top.ru  (91.121.37.31:80)

TCP:
Connects to dedic915.hidehost.net  (178.159.37.63:8000)

TCP (HTTP SSL):
Connects to a104-86-244-49.deploy.static.akamaitechnologies.com  (104.86.244.49:443)

TCP (HTTP SSL):
Connects to yandex.ru  (5.255.255.60:443)

TCP (HTTP):
Connects to showip.net  (23.253.100.206:80)

TCP (HTTP SSL):
Connects to shitmail.me  (212.47.251.143:443)

Remove produpd.exe - Powered by Reason Core Security