» produpd.exe
Overview
Analysis
File Details
Network (21)

produpd.exe

Vested Development, Inc

The executable produpd.exe has been detected as malware by 2 anti-virus scanners. While running, it connects to the Internet address icebergcone.com on port 8000.

File name:

produpd.exe

Publisher:

Vested Development, Inc

Product:

produpd.exe

Version:

2.2.1.23

MD5:

e20a81ef1332c01ab6ad0097ae87e90a

SHA-1:

c3e2fe75a51d5fb732d6f372c2a06545ccfc7ba4

SHA-256:

a337ae83c4f4a741614e355aa74f82bfa750c329fffbddf754bd3507c694c5e6

Scanner detections:

2 / 68

Status:

Malware

Analysis date:

4/23/2024 8:55:55 AM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

Win32/Glupteba.AU trojan

6.3.12010.0

F-Secure

Variant.Zusy.214304

5.16.24

File size:

475.5 KB (486,912 bytes)

Product version:

2.2.0.2

Original file name:

produpd.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\roaming\vdi\shared\product updater\produpd.exe

File PE Metadata

Compilation timestamp:

2/28/2017 12:40:16 AM

OS version:

6.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

14.0

Entry address:

0x187B1

Entry point:

E8, D5, 09, 00, 00, E9, 8E, FE, FF, FF, FF, 25, 78, 12, 45, 00, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, F2, C3, 8B, 4D, F0, 33, CD, F2, E8, 6E, F8, FF, FF, F2, E9, DA, FF, FF, FF, 8B, 4D, EC, 33, CD, F2, E8, 5D, F8, FF, FF, F2, E9, C9, FF, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 78, A0, 46, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, F2, C3, 50, 64, FF, 35, 00... 
[+]

Code size:

316.5 KB (324,096 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (WHOIS):

Connects to ip-104-238-108-1.ip.secureserver.net (104.238.108.1:43)

TCP:

Connects to icebergcone.com (91.142.85.224:8000)

TCP:

Connects to dedic915.hidehost.net (178.159.37.63:8000)

TCP (HTTP SSL):

Connects to o2.mail.ru (94.100.180.61:443)

TCP:

Connects to ih425675.dedic.myihor.ru (193.124.177.10:8000)

TCP (WHOIS):

Connects to whois.ripe.net (193.0.6.135:43)

TCP (WHOIS):

Connects to serv216.icb.co.uk (193.223.78.216:43)

TCP (WHOIS):

Connects to whois2.dk-hostmaster.dk (193.163.102.21:43)

TCP (WHOIS):

Connects to whois.rrpproxy.net (109.234.109.37:43)

TCP (WHOIS):

Connects to whois.networksolutions.com (205.178.188.12:43)

TCP (WHOIS):

Connects to whois.lon3.verisign.com (199.7.58.74:43)

TCP (WHOIS):

Connects to whois.dfw2.verisign.com (199.7.53.74:43)

TCP (WHOIS):

Connects to whois.arin.net (199.212.0.46:43)

TCP:

Connects to pp243719.pppoe.cust.dsi.ru (195.206.34.68:4899)

TCP:

Connects to ip-static-94-242-253-30.server.lu (94.242.253.30:8000)

TCP (HTTP SSL):

Connects to employsystem.nq.pl (195.242.93.82:443)

TCP (HTTP SSL):

Connects to edge-star-mini-shv-01-frt3.facebook.com (31.13.92.36:443)

TCP (WHOIS):

Connects to ec2-52-213-130-166.eu-west-1.compute.amazonaws.com (52.213.130.166:43)

TCP (HTTP):

Connects to dev.ucoz.net (193.109.246.46:80)

TCP (WHOIS):

Connects to columbia.plig.net (188.226.162.120:43)

Remove produpd.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.