» System Maintenance Updater.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Network (1)

System Maintenance Updater.exe

SystemMaintananceGL

OOO Gross Mauntin

The application System Maintenance Updater.exe, “SystemMaintananceUpdater” by OOO Gross Mauntin has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘SystemMaintenanceUpdaterGL’. This file is typically installed with the program System Maintenance GL by Gross Mauntin. While running, it connects to the Internet address websafe.virginmedia.com on port 80 using the HTTP protocol.

File name:

Publisher:

Gross Mauntin (signed by OOO Gross Mauntin)

Product:

SystemMaintananceGL

Description:

SystemMaintananceUpdater

Version:

1.0.0.0

MD5:

54d847f0a661e109261d72134372e8f5

SHA-1:

7a72f7fcdcc588511ec5992767b9a67d7f9b167c

SHA-256:

d0ff20d97edae07fe54759e10a37f629bca6910023348de657b55f736aefcdc9

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

5/24/2024 3:47:25 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Startup.OOOGrossMauntin.AA

14.12.18.11

File size:

209.8 KB (214,800 bytes)

Product version:

1.0.0.0

Original file name:

System Maintenance Updater.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\system maintenance gl\system maintenance updater.exe

Digital Signature

Signed by:

OOO Gross Mauntin

Authority:

COMODO CA Limited

Valid from:

8/10/2014 8:00:00 PM

Valid to:

8/11/2015 7:59:59 PM

Subject:

CN=OOO Gross Mauntin, O=OOO Gross Mauntin, STREET="Pochtovaya B, 26B str 1", L=Moscow, S=Moscow, PostalCode=105082, C=RU

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

04B303957ACC562D3D5358976AAC9FD2

File PE Metadata

Compilation timestamp:

9/1/2014 4:12:32 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

3072:UZAt8X+BZH7IcgueAtLGAHZTw2MPZUJSJSSiINX6dfLPIOBA0ct2W1D:UZSbIcguDtLN82y0SimiTQPD

Entry address:

0x1C78E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

106 KB (108,544 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

SystemMaintenanceUpdaterGL

Command:

"C:\Program Files\system maintenance gl\system maintenance updater.exe"

The file System Maintenance Updater.exe has been discovered within the following program.

System Maintenance GL by Gross Mauntin

www.system-maintenancepro.com

About 5% of users remove it

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to websafe.virginmedia.com (62.254.123.86:80)

Remove System Maintenance Updater.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.