produpd.exe

Vested Development, Inc

The executable produpd.exe has been detected as malware by 2 anti-virus scanners. While running, it connects to the Internet address icebergcone.com on port 8000.
Publisher:
Vested Development, Inc

Product:
produpd.exe

Version:
2.2.1.23

MD5:
e20a81ef1332c01ab6ad0097ae87e90a

SHA-1:
c3e2fe75a51d5fb732d6f372c2a06545ccfc7ba4

SHA-256:
a337ae83c4f4a741614e355aa74f82bfa750c329fffbddf754bd3507c694c5e6

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
11/18/2018 1:07:11 AM UTC

Scan engine:
ESET NOD32
Detection:
Win32/Glupteba.AU trojan
Engine version:
6.3.12010.0

Scan engine:
F-Secure
Detection:
Variant.Zusy.214304
Engine version:
5.16.24

File size:
475.5 KB (486,912 bytes)

Product version:
2.2.0.2

Copyright:
Copyright © 2016

Original file name:
produpd.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\vdi\shared\product updater\produpd.exe

File PE Metadata
Compilation timestamp:
2/28/2017 12:40:16 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x187B1

Entry point:
E8, D5, 09, 00, 00, E9, 8E, FE, FF, FF, FF, 25, 78, 12, 45, 00, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, F2, C3, 8B, 4D, F0, 33, CD, F2, E8, 6E, F8, FF, FF, F2, E9, DA, FF, FF, FF, 8B, 4D, EC, 33, CD, F2, E8, 5D, F8, FF, FF, F2, E9, C9, FF, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 78, A0, 46, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, F2, C3, 50, 64, FF, 35, 00...

Code size:
316.5 KB (324,096 bytes)

The executing file has been seen to make the following network communications in live environments.

