Update.EXE

AutoUpdate

ALIKET SOFTWARE CO., LTD.

The application Update.EXE by ALIKET SOFTWARE CO. has been detected as a potentially unwanted program by 12 anti-malware scanners.

Publisher:
ALIKET SOFTWARE CO., LTD.  (signed and verified)

Product:
AutoUpdate

Version:
1, 0, 0, 0

MD5:
686df8ab746ea4fbe02bcb2f752bd66d

SHA-1:
53379ecb318e8a9e5a953eda3b9937d4c8a431ea

SHA-256:
b0abb43c2a475d1ba6369131550f25c3ad67b3fca596a930aae850ca7a1b715e

Scanner detections:
12 / 68

Status:
Potentially unwanted

Analysis date:
4/16/2024 8:04:57 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | APPL/RegistryVictor.A.55 | 7.11.152.208 |
| AVG | Aliket | 2016.0.2917 |
| Baidu Antivirus | Trojan.Win32.Adware | 4.0.3.151123 |
| Emsisoft Anti-Malware | Adware.Win32.RegistryWinner | 8.15.11.23.09 |
| ESET NOD32 | Win32/Adware.RegistryWinner | 9.8341 |
| Fortinet FortiGate | Riskware/RegistryVictor | 11/23/2015 |
| K7 AntiVirus | Trojan | 13.108.4911 |
| NANO AntiVirus | Riskware.Win32.RegistryWinner.bqecn | 0.24.0.52214 |
| Reason Heuristics | PUP.Optional.ALIKETSOFTWARECO | 15.11.23.9 |
| Rising Antivirus | Trojan.Win32.Generic.127257E2 | 23.00.65.151121 |
| Trend Micro House Call | TROJ_GEN.F47V0405 | 7.2.327 |
| Vba32 AntiVirus | Adware.RegistryWinner | 3.12.22.0 |

File size:
502.1 KB (514,168 bytes)

Product version:
1, 0, 0, 0

Original file name:
Update.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\uninstall winner\update.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
10/22/2010 8:00:00 PM

Valid to:
11/26/2012 6:59:59 PM

Subject:
CN="ALIKET SOFTWARE CO., LTD.", OU=Secure Application Development, O="ALIKET SOFTWARE CO., LTD.", L=BEIJING, S=BEIJING, C=CN

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
290E9CC99535D9DE6F80E9A454C75D64

File PE Metadata
Compilation timestamp:
6/17/2009 9:38:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:VboXAJVFRIoAK6E4fkugR1LJKmFZ9HPAz+KmLa424ZuR1bOXsV2Ug:FouFRIoAK6E48uwXXFZ9HoqfYUe0

Entry address:
0xECCD

Entry point:
55, 8B, EC, 6A, FF, 68, 60, 2F, 43, 00, 68, 4C, 2B, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 00, E2, 42, 00, 33, D2, 8A, D4, 89, 15, 04, 1B, 44, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 00, 1B, 44, 00, C1, E1, 08, 03, CA, 89, 0D, FC, 1A, 44, 00, C1, E8, 10, A3, F8, 1A, 44, 00, 6A, 01, E8, BC, 3D, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C2, 00, 00, 00, 59, E8, C7, 3A, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B1, 00, 00, 00, 59, 33, F6, 89, 75...

Entropy:
6.2723

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
180 KB (184,320 bytes)
