upd.exe

QUANTO SOLUCOES E SISTEMA LTDA

The executable upd.exe has been detected as malware by 19 anti-virus scanners.
Publisher:
QUANTO SOLUCOES E SISTEMA LTDA  (signed and verified)

MD5:
7db44b58c1e5ed57016d091acb38da0a

SHA-1:
e20fa35e8370db47a77b8860bf16aa7ee5fbfdf9

Scanner detections:
19 / 68

Status:
Malware

Analysis date:
4/26/2024 12:04:18 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Kazy.383414 | 269 |
| Agnitum Outpost | TrojanSpy.Banker | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Bifrose | 2014.06.06 |
| Avira AntiVirus | TR/Kazy.383414 | 7.11.153.118 |
| avast! | Win32:Malware-gen | 2014.9-160510 |
| AVG | PSW.Banker6 | 2017.0.2747 |
| Bitdefender | Gen:Variant.Kazy.383414 | 1.0.20.655 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.383414 | 8.16.05.10.12 |
| ESET NOD32 | Win32/Spy.Banker.AAVM (variant) | 10.9903 |
| Fortinet FortiGate | W32/Banker.AAVM!tr.spy | 5/10/2016 |
| F-Secure | Gen:Variant.Kazy.383414 | 11.2016-10-05_3 |
| G Data | Gen:Variant.Kazy.383414 | 16.5.24 |
| IKARUS anti.virus | Trojan-PWS.Banker6 | t3scan.1.6.1.0 |
| McAfee | Artemis!7DB44B58C1E5 | 5600.6403 |
| MicroWorld eScan | Gen:Variant.Kazy.383414 | 17.0.0.393 |
| Qihoo 360 Security | Win32/Trojan.41e | 1.0.0.1015 |
| Trend Micro House Call | TROJ_GEN.F47V0520 | 7.2.131 |
| Trend Micro | PAK_Generic.009 | 10.465.10 |
| VIPRE Antivirus | Trojan.Win32.Packer.EnigmaProtector1.1X-1.3X | 30004 |

File size:
1.2 MB (1,237,856 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\AppData\upd.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
4/2/2014 9:00:00 PM

Valid to:
4/3/2015 8:59:59 PM

Subject:
CN=QUANTO SOLUCOES E SISTEMA LTDA, O=QUANTO SOLUCOES E SISTEMA LTDA, L=PRESIDENTE PRUDENTE, S=SAO PAULO, C=BR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
00B87EDE3281FFB1EE77DF86B54A8CB0

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:NVpZ95LQDZHdTNH08gMZ+pVFjh5Ni6x4MjAK0uh+JE:teDF1NH064FkqVoJE

Entry address:
0x21B22

Entry point:
55, 8B, EC, 83, C4, F0, B8, 00, 10, 40, 00, E8, 01, 00, 00, 00, 9A, 83, C4, 10, 8B, E5, 5D, E9, F2, 41, 37, 00, FA, 72, EA, AF, 0F, 57, 11, 42, BF, 94, EA, 9D, 27, BC, EE, EA, 83, 13, 5C, 32, 2C, 7D, 19, 4B, E1, 38, 82, EC, 8D, 28, 38, 2F, 9D, AA, A3, 04, B8, C1, 8F, 4C, D8, 95, E4, 1D, CC, BB, 71, 6E, CE, 87, 75, 90, FA, E2, 2D, 0B, 3F, 00, F5, 5E, 7E, BB, 7B, D9, 1A, 61, AD, 04, 9D, E8, 0C, 20, 77, 62, DF, 61, EA, D8, AC, 58, 64, FC, 7A, AA, 48, A1, 8F, D6, 70, 88, B4, 47, 33, 86, 4D, EA, 64, 10, 89, 54...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
327.5 KB (335,360 bytes)
