toxicupdate.exe

ToxicUpdate

Tera information Technology co.Ltd

It is set to execute automatically when any user logs into Windows (through the all-users Run registry key) under the name ‘ToxicUpdate’.
Publisher:
Tera information Technology co.Ltd  (signed and verified)

Product:
ToxicUpdate

Version:
1.00

MD5:
886d81213c60bae564a35867ef575233

SHA-1:
92d5a9796cd2d264c8276bad7a2301c15a640b43

SHA-256:
47a50063bf4aca58a87b494188a7b30835e3eec8cee592f5faddb4696fe7a3b0

Scanner detections:
5 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/25/2024 4:40:57 AM UTC

Scan engine              Detection                     Engine version
Avira AntiVirus          SPR/Tool.Monit.A.11           7.11.170.234
Dr.Web                   BACKDOOR.Trojan               9.0.1.0249
IKARUS anti.virus        possible-Threat.Tool.Monit    t3scan.1.7.5.0
McAfee                   Artemis!886D81213C60          5600.7016
Trend Micro House Call   Suspicious_GEN.F47V0815       7.2.249

File size:
434.7 KB (445,096 bytes)

Product version:
1.00

Original file name:
tfUpdate.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\toxicfree\toxicupdate.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
12/13/2013 9:00:00 AM

Valid to:
1/13/2015 8:59:59 AM

Subject:
CN=Tera information Technology co.Ltd, O=Tera information Technology co.Ltd, L=Pohang-si, S=Gyeongsangbuk-do, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
28377EF971054177D82C4AEB0DC16F3A

File PE Metadata
Compilation timestamp:
8/8/2014 7:58:48 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:FGQxE4jUak1MXJoNRD5k9f4g0nBv/ov0zBlEoZv/2mMQREdprYp2ZpxH28k9ySYt:DE4jloNR5v/ovyBl3GRZr

Entry address:
0x634C

Entry point:
68, BC, E0, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, C0, EC, 08, 9B, A4, EB, DF, 4B, 9E, BD, 7C, 1B, 2A, B8, A7, CA, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 6E, 74, 00, 00, 00, 00, 50, 72, 6F, 6A, 65, 63, 74, 00, 00, 00, 00, 00, FF, CC, 31, 00, 0B, D3, 05, 39, AD, 1A, A4, 07, 44, A5, 0E, 89, C5, A1, 06, 65, 7E, 6D, 7F, 0D, 67, F2, 5C, A9, 47, 85, 99, A0, 92, D8, 03, 28, F9, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00, AA, 00, 60, D3, 93, 00, 00, 00...
 

Entropy:
6.2250

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
416 KB (425,984 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ToxicUpdate

Command:
C:\Program Files\toxicfree\toxicupdate.exe

