UPDATE.EXE

System operacyjny Microsoft Windows

Microsoft Corporation

Although the file properties state that the file was developed by 'Microsoft Corporation', this is not the case; it is designed just to look like a legitimate Microsoft system file. The executable UPDATE.EXE, “Instalator dodatku Service Pack systemu Windows”, has been detected as malware by 10 anti-virus scanners.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
System operacyjny Microsoft® Windows®

Description:
Instalator dodatku Service Pack systemu Windows

Version:
6.3.0015.0 built by: dnsrv

MD5:
bcd180aefc7619c5caa158ad4fbcc07c

SHA-1:
3bfd8b6f301d8f843791075dfbbfdaf1889cbacd

SHA-256:
f76e4f2d63549c058a9a7f00ee085a5d01beaa2019f60d4a4da67b1087bcc167

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
4/26/2024 11:21:50 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Mabezat [Wrm] | 160213-1 |
| AVG | Win32/Mabezat | 2015.0.4522 |
| Dr.Web | Win32.HLLW.Tazebama | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Worm.Mabezat.Gen | 10.0.0.5366 |
| ESET NOD32 | Win32/Mabezat.A virus | 7.0.302.0 |
| Kaspersky | Worm.Win32.Mabezat | 15.0.0.562 |
| McAfee | Virus.W32/Mabezat.a | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.213.6144.0 |
| Norman | Win32.Worm.Mabezat.Gen | 08.02.2016 04:24:12 |
| Sophos | Virus 'W32/Mabezat-B' | 5.23 |

File size:
898.4 KB (919,951 bytes)

Product version:
6.3.0015.0

Copyright:
© Microsoft Corporation. Wszelkie prawa zastrzeżone.

Original file name:
UPDATE.EXE

File type:
Executable application (Win32 EXE)

Language:
Polish

Digital Signature
Authority:
Microsoft Corporation

Valid from:
8/23/2007 12:23:13 AM

Valid to:
2/23/2009 12:33:13 AM

Subject:
CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
610F784D000000000003

File PE Metadata
Compilation timestamp:
12/21/2007 8:27:32 AM

OS version:
5.2

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
24576:x8yl4V9oaPtbIs7zM7Xy5zc4+SiDUIMGR:CY4Ddf7U90qMg

Entry address:
0x6BF21

Entry point:
BB, B5, 3A, C2, BD, 93, E9, 20, 01, 00, 00, 52, F8, 5B, 57, 03, 87, 5B, 57, FB, 81, E6, DB, DB, 5B, DB, DB, 59, DB, DB, DB, 3A, 0C, 11, 0C, 0B, 0C, 14, 12, 11, DB, DB, DB, 4F, 3C, 55, 40, 3D, 3C, 48, 3C, 09, 3F, 47, 47, DB, DB, DB, DB, 37, DB, DB, DB, 21, 4D, 40, 40, 27, 44, 3D, 4D, 3C, 4D, 54, DB, 1E, 4D, 40, 3C, 4F, 40, 1F, 44, 4D, 40, 3E, 4F, 4A, 4D, 54, 1C, DB, DB, DB, DB, 22, 40, 4F, 32, 44, 49, 3F, 4A, 52, 4E, 1F, 44, 4D, 40, 3E, 4F, 4A, 4D, 54, 1C, DB, DB, DB, DB, 22, 40, 4F, 28, 4A, 3F, 50, 47, 40...
 

Code size:
608 KB (622,592 bytes)
