toxicupdate.exe

ToxicUpdate

Tera information Technology co.Ltd

It is set to execute automatically when any user logs into Windows (through the local machine Run registry key) under the name ‘ToxicUpdate’.
Publisher:
Tera information Technology co.Ltd  (signed and verified)

Product:
ToxicUpdate

Version:
1.00

MD5:
3b3d39bad853ff43ab6bf430c52ff291

SHA-1:
ccdcb2691e2dcd5462df9494f15dcfca562843f6

SHA-256:
26c2ed815800948b92615c825681f375849f523a89c0b2892ff2482cd6828301

Scanner detections:
5 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/26/2024 5:39:58 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | SPR/Tool.Monit.A.11 | 7.11.192.144 |
| Dr.Web | BACKDOOR.Trojan | 9.0.1.013 |
| IKARUS anti.virus | possible-Threat.Tool.Monit | t3scan.1.8.5.0 |
| McAfee | Artemis!3B3D39BAD853 | 5600.6886 |
| Trend Micro House Call | Suspicious_GEN.F47V1105 | 7.2.13 |

File size:
434.7 KB (445,096 bytes)

Product version:
1.00

Original file name:
tfUpdate.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\toxicfree\toxicupdate.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
12/13/2013 9:00:00 AM

Valid to:
1/13/2015 8:59:59 AM

Subject:
CN=Tera information Technology co.Ltd, O=Tera information Technology co.Ltd, L=Pohang-si, S=Gyeongsangbuk-do, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
28377EF971054177D82C4AEB0DC16F3A

File PE Metadata
Compilation timestamp:
10/19/2014 10:06:29 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:Z5BSE4jXCop13XPbNRDtU8vQFzdnxtqKk+uFF6kFjjCVfyRI0GsfDozQRn+M1MFk:PBSE4jtbNRUxtqK7uFFv8dswDk

Entry address:
0x637C

Entry point:
68, EC, E0, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, A6, 58, 4A, EA, 1F, FB, F1, 49, 86, DE, 27, 14, 48, EC, 98, C3, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 53, 68, 61, 50, 72, 6F, 6A, 65, 63, 74, 00, 00, 00, 00, 00, FF, CC, 31, 00, 0B, A5, 75, 4B, 72, 69, 4B, 96, 4C, B0, F0, 8F, 1B, B3, 13, DC, FC, 70, E6, 7B, E0, 59, 35, 1B, 40, 96, 20, 7C, 57, 03, 86, 4E, 60, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00, AA, 00, 60, D3, 93, 00, 00, 00...
 

Entropy:
6.2318

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
416 KB (425,984 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ToxicUpdate

Command:
C:\Program Files\toxicfree\toxicupdate.exe

