updane.exe

The application updane.exe has been detected as a potentially unwanted program by 12 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time. This is the uninstaller utility registered in the Windows Control Panel for the program Chromium by Chromium.
MD5:
ec238fedfa22cbdcd555a43aa89a02ce

SHA-1:
3759ecd87159c6eee9f08ad470f104ce1a8be5bd

SHA-256:
a5b9711bd0f7ed827fcd5d5c8e61ee434d88dabbc2298451f5e9960ea9e95556

Scanner detections:
12 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 2:08:54 AM UTC

Scan engine               Detection                   Engine version
Lavasoft Ad-Aware         Gen:Variant.Graftor.322083  -27
Avira AntiVirus           ADWARE/DealPly.rpfyk        8.3.3.4
Arcabit                   Trojan.Graftor.D4EA23       1.0.0.795
Bitdefender               Gen:Variant.Graftor.322083  1.0.20.305
Emsisoft Anti-Malware     Gen:Variant.Graftor.322083  8.17.03.02.08
Fortinet FortiGate        Riskware/PUP                3/2/2017
F-Secure                  Variant.Graftor.322083      5.16.24
G Data                    Gen:Variant.Graftor.322083  17.3.25
McAfee                    PUP-FPD                     5600.6107
MicroWorld eScan          Gen:Variant.Graftor.322083  18.0.0.183
Panda Antivirus           Trj/GdSda.A                 17.03.02.08
VIPRE Antivirus           Trojan.Win32.Generic        56354

File size:
2.3 MB (2,444,800 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Windows\System32\config\systemprofile\appdata\roaming\wincy\updane.exe

File PE Metadata
Compilation timestamp:
3/21/2015 5:25:47 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x21A3B8

Entry point:
55, 8B, EC, 83, C4, F0, B8, 4C, 1C, 61, 00, E8, 74, 3A, DF, FF, A1, 08, FE, 61, 00, 8B, 00, E8, 14, 47, FB, FF, 8B, 0D, DC, FB, 61, 00, A1, 08, FE, 61, 00, 8B, 00, 8B, 15, 34, 71, 5D, 00, E8, 14, 47, FB, FF, A1, 08, FE, 61, 00, 8B, 00, E8, 64, 48, FB, FF, E8, 13, EB, DE, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 32, 13, 00, 00, 00, 19, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.7545

Developed / compiled with:
Microsoft Visual C++

Code size:
2.1 MB (2,197,504 bytes)

Program Uninstaller
Program name:
Chromium

Display publisher:
Chromium

Display version:
46.0.2472.0

Uninstall string:
"C:\users\{user}\appdata\local\{7a574c0b-5eff-20b3-3367-055b170ff9c3}\uninstall.exe" \uninstall \s \noun


Scheduled Task
Task name:
{02FDADB6-047D-0E43-54DA-101EF814625A}

Trigger:
Daily (Runs daily at 6:01 PM)


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-225-212-5.compute-1.amazonaws.com  (54.225.212.5:80)

TCP (HTTP):
Connects to ec2-107-20-201-65.compute-1.amazonaws.com  (107.20.201.65:80)

TCP (HTTP SSL):
Connects to geoip-zlb.vips.scl3.mozilla.com  (63.245.215.82:443)

TCP (HTTP):
Connects to ec2-23-21-246-202.compute-1.amazonaws.com  (23.21.246.202:80)

TCP (HTTP):
Connects to ec2-54-83-207-70.compute-1.amazonaws.com  (54.83.207.70:80)

TCP (HTTP):
Connects to ec2-184-73-230-77.compute-1.amazonaws.com  (184.73.230.77:80)

TCP (HTTP):
Connects to ec2-107-21-228-208.compute-1.amazonaws.com  (107.21.228.208:80)

TCP (HTTP):
Connects to server-54-230-149-202.sin2.r.cloudfront.net  (54.230.149.202:80)

TCP (HTTP):
Connects to server-54-192-36-89.jfk1.r.cloudfront.net  (54.192.36.89:80)

TCP (HTTP):
Connects to server-52-85-63-66.lhr50.r.cloudfront.net  (52.85.63.66:80)

TCP (HTTP):
Connects to server-52-85-167-153.gig50.r.cloudfront.net  (52.85.167.153:80)

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (54.231.114.42:80)

TCP (HTTP):
Connects to ec2-34-198-225-71.compute-1.amazonaws.com  (34.198.225.71:80)

TCP (HTTP):
Connects to ec2-23-23-166-158.compute-1.amazonaws.com  (23.23.166.158:80)

TCP (HTTP):
Connects to ec2-23-21-246-179.compute-1.amazonaws.com  (23.21.246.179:80)

Powered by Reason Core Security