UPDATE.EXE

Sistema operacional Microsoft Windows

Microsoft Corporation

While the file properties state that the file was developed by 'Microsoft Corporation', this is not the case; the file is designed to look like a legitimate Microsoft system file. The executable UPDATE.EXE (“Instalação do Windows Service Pack”) has been detected as malware by 13 anti-virus scanners.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Sistema operacional Microsoft® Windows®

Description:
Instalação do Windows Service Pack

Version:
6.1.0022.4 (SRV03_QFE.031113-0918)

MD5:
2537b78bf115de5f108874e8c8b4e46b

SHA-1:
3b41bf01657d19b58762927821788a81ee8e15a0

SHA-256:
bbbe23444539cd15f9d97748361d2878d3da9ab8b6bbe7b2cda550b219eb1dd5

Scanner detections:
13 / 68

Status:
Malware

Analysis date:
4/25/2024 2:49:26 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Patched-JI | 160209-2 |
| AVG | Win32/Slugin.A | 2015.0.4477 |
| Dr.Web | Win32.Wplugin.1 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.SlugIn | 10.0.0.5366 |
| ESET NOD32 | Win32/Agent.NAG virus | 7.0.302.0 |
| F-Prot | W32/Slugin.B | 4.6.5.141 |
| F-Secure | Win32.SlugIn.A | 5.15.21 |
| Kaspersky | Virus.Win32.Slugin | 15.0.0.562 |
| McAfee | Virus.W32/Wplugin | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.213.5826.0 |
| Norman | Win32.SlugIn.A | 03.02.2016 07:38:05 |
| Sophos | Virus 'W32/Slugin-A' | 5.23 |
| VIPRE Antivirus | Threat.4314870 | 47028 |

File size:
799.2 KB (818,371 bytes)

Product version:
6.1.0022.4

Copyright:
© Microsoft Corporation. Todos os direitos reservados.

Original file name:
UPDATE.EXE

File type:
Executable application (Win32 EXE)

Language:
Brazilian Portuguese

Common path:
C:\Documents and Settings\{user}\My iso files\i386\update\update.exe

Digital Signature
Authority:
Microsoft Corporation

Valid from:
1/5/2005 11:20:19 PM

Valid to:
4/5/2006 11:30:19 PM

Subject:
CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, OU=Copyright (c) 2000 Microsoft Corp., O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
6105875800030000005A

File PE Metadata
Compilation timestamp:
2/24/2005 4:57:32 PM

OS version:
5.2

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
12288:DDmTB+aMygg8AeIrUQ6EKnF3f+qYiSNAg4zk1:DCTYNg8Axr76VF3flYiSNSk1

Entry address:
0x66A11

Entry point:
60, E8, 00, 00, 00, 00, 5B, 81, EB, D0, 48, 00, 10, 83, EC, 74, 8B, EC, 8B, 83, AB, 4B, 00, 10, 89, 45, 00, 8B, 83, B3, 4B, 00, 10, 03, 45, 00, 89, 45, 2C, 8B, 83, B7, 4B, 00, 10, 03, 45, 00, 89, 45, 30, C7, 45, 14, 00, 00, 00, 00, C7, 45, 18, 00, 00, 00, 00, C7, 45, 1C, 00, 00, 00, 00, 8B, 45, 14, FF, 45, 14, 66, 33, C9, 8A, 8C, 03, FF, 4B, 00, 10, 84, C9, 74, 7A, 8B, 45, 1C, 66, 01, 4D, 1C, 03, C3, 05, 13, 4C, 00, 10, 50, 8B, 45, 2C, FF, 10, 85, C0, 0F, 84, 5E, 02, 00, 00, 89, 45, 10, 8B, 45, 1C, 03, C3...
 

Packer / compiler:
ASPack v1.08.04

Code size:
569 KB (582,656 bytes)
