update.exe

The executable update.exe has been detected as malware by 36 of 68 anti-virus scanners. The detection names do not agree on a single family. The largest group, 14 of the 36 engines (Kaspersky, ESET, Microsoft, Trend Micro, Fortinet and others), labels it Androm, Gamarue or Wauchos, three vendor names for the same Andromeda family, a modular backdoor whose main job is to download and run further malware on the infected machine. One engine (Vba32) labels it Zbot (Zeus), a banking trojan that steals confidential information (online credentials and banking details) from a compromised computer and sends it to criminals through a command-and-control server, and one (VIPRE) labels it Cridex; the remaining 20 use generic or heuristic names. Treat the family name as a best guess and rely on the multi-engine verdict, the hashes and the common path below as the indicators.
MD5:
3addbf9a2810e4727aca80334be10de9

SHA-1:
7d1d62f308dac37c8b9a8bccc6ee1456ed8bc499

SHA-256:
e00044e13a9729612ad9d94bbad72a869903368415b8af3c46d7559d53c0938c

Scanner detections:
36 / 68

Status:
Malware

Analysis date:
4/26/2024 7:08:20 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.1451371 | 926
Agnitum Outpost | Backdoor.Androm | 7.1.1
AhnLab V3 Security | Backdoor/Win32.Androm | 14.07.23
Avira AntiVirus | TR/Rogue.1451371 | 7.11.149.10
avast! | Win32:Malware-gen | 2014.9-140723
AVG | BackDoor.Generic18 | 2015.0.3404
Baidu Antivirus | Backdoor.Win32.Androm | 4.0.3.14723
Bitdefender | Trojan.GenericKD.1451371 | 1.0.20.1020
Bkav FE | W32.DropperWauchosE.Trojan | 1.3.0.4959
Comodo Security | UnclassifiedMalware | 18258
Dr.Web | Trojan.Inject2.23 | 9.0.1.0204
Emsisoft Anti-Malware | Trojan.GenericKD.1451371 | 8.14.07.23.03
ESET NOD32 | Win32/TrojanDownloader.Wauchos | 8.9786
Fortinet FortiGate | W32/Androm.BJFG!tr.bdr | 7/23/2014
F-Prot | W32/Trojan2.OCDF | v6.4.7.1.166
F-Secure | Trojan.GenericKD.1451371 | 11.2014-23-07_4
G Data | Trojan.GenericKD.1451371 | 14.7.24
IKARUS anti.virus | Trojan.Crypt_s | t3scan.1.6.1.0
K7 AntiVirus | Trojan | 13.177.12041
Kaspersky | Backdoor.Win32.Androm | 14.0.0.3517
McAfee | RDN/Generic.grp!gn | 5600.7060
Microsoft Security Essentials | Worm:Win32/Gamarue.I | 1.10502
MicroWorld eScan | Trojan.GenericKD.1451371 | 15.0.0.612
NANO AntiVirus | Trojan.Win32.Androm.cumnit | 0.28.0.59608
Norman | Troj_Generic.RQJTZ | 11.20140723
nProtect | Backdoor/W32.Androm.107008.C | 14.05.11.01
Panda Antivirus | Trj/WLT.A | 14.07.23.03
Qihoo 360 Security | HEUR/Malware.QVM20.Gen | 1.0.0.1015
Quick Heal | Backdoor.Androm.bjf.cw4 | 7.14.14.00
Rising Antivirus | PE:Trojan.Win32.Fednu.uqf!1075355003 | 23.00.65.14721
Sophos | Mal/Generic-L | 4.98
Total Defense | Win32/Gamarue.ML | 37.0.10931
Trend Micro | BKDR_ANDROM.TZ | 10.465.23
Vba32 AntiVirus | SScope.Malware-Cryptor.Zbot.2613 | 3.12.26.0
VIPRE Antivirus | Trojan.Win32.Cridex.tau | 29110
ViRobot | Backdoor.Win32.A.Androm.107008.D | 2011.4.7.4223
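The table above is 36 labels, not 36 independent opinions, and a one-line family name should be derived from it rather than read off a single engine. The following script is an added example, not part of the report or of Reason Core Security's tooling: it tallies the labels above by family using an alias table (Androm, Gamarue and Wauchos are three vendor names for Andromeda; the table is this example's own assumption) and also reports labels that several engines share verbatim, which usually means they license the same scanning engine.

```python
from collections import Counter

# Alias table: an assumption of this example. Substring match on the lower-cased label.
ALIASES = {
    "androm": "andromeda", "gamarue": "andromeda", "wauchos": "andromeda",
    "zbot": "zeus", "zeus": "zeus",
    "cridex": "cridex",
}

# (engine, label) pairs copied from the detection table in the report.
DETECTIONS = [
    ("Lavasoft Ad-Aware", "Trojan.GenericKD.1451371"),
    ("Agnitum Outpost", "Backdoor.Androm"),
    ("AhnLab V3 Security", "Backdoor/Win32.Androm"),
    ("Avira AntiVirus", "TR/Rogue.1451371"),
    ("avast!", "Win32:Malware-gen"),
    ("AVG", "BackDoor.Generic18"),
    ("Baidu Antivirus", "Backdoor.Win32.Androm"),
    ("Bitdefender", "Trojan.GenericKD.1451371"),
    ("Bkav FE", "W32.DropperWauchosE.Trojan"),
    ("Comodo Security", "UnclassifiedMalware"),
    ("Dr.Web", "Trojan.Inject2.23"),
    ("Emsisoft Anti-Malware", "Trojan.GenericKD.1451371"),
    ("ESET NOD32", "Win32/TrojanDownloader.Wauchos"),
    ("Fortinet FortiGate", "W32/Androm.BJFG!tr.bdr"),
    ("F-Prot", "W32/Trojan2.OCDF"),
    ("F-Secure", "Trojan.GenericKD.1451371"),
    ("G Data", "Trojan.GenericKD.1451371"),
    ("IKARUS anti.virus", "Trojan.Crypt_s"),
    ("K7 AntiVirus", "Trojan"),
    ("Kaspersky", "Backdoor.Win32.Androm"),
    ("McAfee", "RDN/Generic.grp!gn"),
    ("Microsoft Security Essentials", "Worm:Win32/Gamarue.I"),
    ("MicroWorld eScan", "Trojan.GenericKD.1451371"),
    ("NANO AntiVirus", "Trojan.Win32.Androm.cumnit"),
    ("Norman", "Troj_Generic.RQJTZ"),
    ("nProtect", "Backdoor/W32.Androm.107008.C"),
    ("Panda Antivirus", "Trj/WLT.A"),
    ("Qihoo 360 Security", "HEUR/Malware.QVM20.Gen"),
    ("Quick Heal", "Backdoor.Androm.bjf.cw4"),
    ("Rising Antivirus", "PE:Trojan.Win32.Fednu.uqf!1075355003"),
    ("Sophos", "Mal/Generic-L"),
    ("Total Defense", "Win32/Gamarue.ML"),
    ("Trend Micro", "BKDR_ANDROM.TZ"),
    ("Vba32 AntiVirus", "SScope.Malware-Cryptor.Zbot.2613"),
    ("VIPRE Antivirus", "Trojan.Win32.Cridex.tau"),
    ("ViRobot", "Backdoor.Win32.A.Androm.107008.D"),
]


def attribute(label):
    """Map one vendor label to a family name, or None if it is generic/heuristic."""
    low = label.lower()
    for alias, family in ALIASES.items():
        if alias in low:
            return family
    return None


def family_votes(detections):
    """Family -> list of engines that voted for it ('unattributed' for generic names)."""
    votes = {}
    for engine, label in detections:
        votes.setdefault(attribute(label) or "unattributed", []).append(engine)
    return votes


def consensus(detections):
    """(family, engines naming it, total engines) for the most-named family, or None."""
    named = {f: e for f, e in family_votes(detections).items() if f != "unattributed"}
    if not named:
        return None
    top = max(named, key=lambda f: len(named[f]))
    return top, len(named[top]), len(detections)


def shared_labels(detections):
    """Labels repeated verbatim across engines: likely one licensed engine, not N opinions."""
    counts = Counter(label for _, label in detections)
    return {label: n for label, n in counts.items() if n > 1}


if __name__ == "__main__":
    print("consensus:", consensus(DETECTIONS))
    for family, engines in family_votes(DETECTIONS).items():
        print(f"{family}: {len(engines)} -> {', '.join(engines)}")
    print("shared labels:", shared_labels(DETECTIONS))
```

Run on the table above it reports Andromeda with 14 of 36 engines, Zeus and Cridex with one each, and shows that the six identical Trojan.GenericKD.1451371 verdicts collapse to a single engine's signature.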

File size:
104.5 KB (107,008 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\update.exe
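The hashes, file size and common path above are the indicators an incident responder would sweep a disk image or a file export for. The script below is an added example, not code from the report or from Reason Core Security: it walks a directory tree, flags files whose path matches the reported {random}.tmp\update.exe shape or whose size equals 107,008 bytes, and hashes only the size matches (a file with the same SHA-256 necessarily has the same size, so hashing everything else is wasted I/O). The demo tree it builds is constructed, with a harmless stand-in file, not the sample.

```python
import hashlib
import os
import re
import tempfile

# Indicators copied from the report.
IOC_HASHES = {
    "md5": "3addbf9a2810e4727aca80334be10de9",
    "sha1": "7d1d62f308dac37c8b9a8bccc6ee1456ed8bc499",
    "sha256": "e00044e13a9729612ad9d94bbad72a869903368415b8af3c46d7559d53c0938c",
}
IOC_SIZE = 107008
# C:\users\{user}\appdata\local\temp\{random}.tmp\update.exe, matched on a
# forward-slash-normalised path so it also works on a mounted image under Linux.
PATH_RE = re.compile(r"/appdata/local/temp/[^/]+\.tmp/update\.exe$", re.IGNORECASE)


def digests(chunks):
    """All three report hashes in one pass over an iterable of byte chunks."""
    hs = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    for chunk in chunks:
        for h in hs.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hs.items()}


def hash_bytes(data):
    return digests([data])


def hash_file(path):
    with open(path, "rb") as f:
        return digests(iter(lambda: f.read(1 << 16), b""))


def classify(path):
    """Indicators the file matches: 'hash' is definitive, 'size' and 'path' are leads."""
    reasons = []
    if PATH_RE.search(path.replace("\\", "/")):
        reasons.append("path")
    if os.path.getsize(path) == IOC_SIZE:
        reasons.append("size")
        # Only size matches can be hash matches, so hash only those. A SHA-256 match
        # identifies the file; MD5/SHA-1 are kept for matching older IOC feeds only.
        if any(hash_file(path)[k] == v for k, v in IOC_HASHES.items()):
            reasons.append("hash")
    return reasons


def sweep(root):
    """Walk root and return {path: reasons} for every file matching at least one indicator."""
    hits = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            reasons = classify(path)
            if reasons:
                hits[path] = reasons
    return hits


def build_demo_tree():
    """Constructed tree (hypothetical user 'alice', random dir 'r4nd0m.tmp'): a benign
    stand-in named update.exe padded to the reported size, plus an unrelated empty file."""
    root = tempfile.mkdtemp(prefix="ioc_demo_")
    lure = os.path.join(root, "users", "alice", "appdata", "local", "temp", "r4nd0m.tmp")
    os.makedirs(lure)
    with open(os.path.join(lure, "update.exe"), "wb") as f:
        f.write(b"MZ constructed stand-in, not the sample".ljust(IOC_SIZE, b"\0"))
    with open(os.path.join(root, "empty.bin"), "wb"):
        pass
    return root


def demo():
    """Sweep the constructed tree; keys are root-relative POSIX paths."""
    root = build_demo_tree()
    return {os.path.relpath(p, root).replace(os.sep, "/"): r for p, r in sweep(root).items()}


if __name__ == "__main__":
    for path, reasons in demo().items():
        print(path, reasons)
```

A path or size hit alone is a reason to pull the file for analysis, not a verdict; a hash hit against the SHA-256 above is. The stand-in in the demo tree matches on path and size and, correctly, not on hash.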

File PE Metadata
Compilation timestamp:
12/1/2013 2:25:14 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:6DFbruUM3COeiXvbYlKllyPVMeADT5MoO6/miZYa0QfoziJRxaUC8rnJN:6Br54CvGbYvPVMbTmoOZdQQzSX

Entry address (RVA):
0x17526
Note: with 17,920 bytes (0x4600) of code, an entry point at RVA 0x17526 lies well past where a conventionally placed code section starting at RVA 0x1000 would end (RVA 0x5600). Check the section table for which section actually contains the entry point before trusting the compiler identification below; an entry point outside the code section is typical of a packed or crypted file.

Entry point:
55, 8B, EC, 83, EC, 50, 57, 53, 56, 8B, 15, 68, C5, 41, 00, 52, 8D, 35, 94, C4, 41, 00, 89, 75, BC, FF, 75, BC, A1, 6C, C5, 41, 00, 50, FF, 15, 54, 15, 40, 00, A3, B0, C4, 41, 00, 68, B4, C3, 41, 00, FF, 15, BC, 14, 40, 00, A3, 58, C4, 41, 00, 8D, 15, 68, C4, 41, 00, 52, FF, 15, EC, 14, 40, 00, 8B, 15, 3C, C4, 41, 00, 89, 55, E8, FF, 75, E8, 52, 8B, 35, 30, C6, 41, 00, 56, 89, 55, DC, FF, 75, DC, 8B, 35, 70, C5, 41, 00, 56, 68, 00, 00, 00, 80, 68, 38, C4, 41, 00, FF, 15, E4, 14, 40, 00, A3, 54, C4, 41, 00...
These bytes decode to an ordinary function prologue (push ebp; mov ebp, esp; sub esp, 50h; push edi; push ebx; push esi), followed by loads from fixed addresses in the 0x41C4xx-0x41C6xx range and indirect calls through memory (FF 15 ...), the form an import call takes. A Visual C++ 9.0 executable's CRT entry point normally begins with a call followed by a jmp instead, so this entry point is not the standard CRT startup, which fits the Crypt/Cryptor labels from IKARUS and Vba32 above.

Entropy:
5.8503

Developed / compiled with:
Microsoft Visual C++

Code size:
17.5 KB (17,920 bytes)
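Every value in the PE metadata block above is read from a handful of header fields, and the useful check is to relate them to each other: which section holds the entry point, whether that section is marked as code, what the first bytes at the entry look like, and how the file's entropy compares to the 5.85 reported. The following parser is an added example, not code from the report or from Reason Core Security. It runs against a constructed PE32 image that copies the report's header values (compilation timestamp 12/1/2013 2:25:14 AM, assumed to be UTC; linker 9.0; OS version 4.0; Windows GUI subsystem; SizeOfCode 0x4600; entry RVA 0x17526; the report's first 16 entry bytes) into a two-section layout that is this example's own assumption, not the sample's actual layout.

```python
import math
import struct
from datetime import datetime, timezone

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
IMAGE_SCN_CNT_CODE = 0x00000020
COFF_FMT = "<HHIIIHH"                          # IMAGE_FILE_HEADER, 20 bytes
OPT32_FMT = "<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII"  # PE32 optional header through NumberOfRvaAndSizes
SECT_FMT = "<8sIIIIIIHHI"                      # IMAGE_SECTION_HEADER, 40 bytes
ENTRY_BYTES = bytes.fromhex("558BEC83EC505753568B1568C5410052")  # first 16 entry bytes from the report


def shannon_entropy(data):
    """Bits per byte: 0.0 for constant data, 8.0 for uniform; packed payloads sit near the top."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def entry_prologue_kind(code):
    """'frame' = push ebp; mov ebp, esp (a plain function); 'crt-stub' = call ...; jmp ...,
    the shape a Visual C++ 9.0 CRT entry point normally has; 'other' otherwise."""
    if code[:3] == b"\x55\x8b\xec":
        return "frame"
    if code[:1] == b"\xe8" and code[5:6] == b"\xe9":
        return "crt-stub"
    return "other"


def parse_pe(data):
    """Extract the report's header fields plus entry-point placement checks from a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsect, stamp, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    opt = struct.unpack_from(OPT32_FMT, data, opt_off)
    if opt[0] != 0x10B:
        raise ValueError("only PE32 images handled here")
    entry, base_of_code, image_base = opt[6], opt[7], opt[9]
    sections = []
    for i in range(nsect):
        name, vsize, va, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            SECT_FMT, data, opt_off + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "va": va,
                         "end": va + max(vsize, rawsize), "raw_ptr": rawptr,
                         "raw_size": rawsize, "code": bool(chars & IMAGE_SCN_CNT_CODE)})
    holder = next((s for s in sections if s["va"] <= entry < s["end"]), None)
    entry_bytes = b""
    if holder:
        off = holder["raw_ptr"] + (entry - holder["va"])
        if off < holder["raw_ptr"] + holder["raw_size"]:  # entry may sit in virtual-only space
            entry_bytes = data[off:off + 16]
    return {
        "machine": machine,
        "compile_time": datetime.fromtimestamp(stamp, timezone.utc).isoformat(),
        "linker": f"{opt[1]}.{opt[2]}",
        "os_version": f"{opt[12]}.{opt[13]}",
        "subsystem": SUBSYSTEMS.get(opt[22], str(opt[22])),
        "size_of_code": opt[3],
        "entry_rva": entry,
        "entry_va": image_base + entry,
        "entry_section": holder["name"] if holder else None,
        "entry_in_code_section": bool(holder and holder["code"]),
        "entry_beyond_size_of_code": entry >= base_of_code + opt[3],
        "entry_prologue": entry_prologue_kind(entry_bytes),
        "entropy": round(shannon_entropy(data), 4),
    }


def build_demo_pe():
    """Constructed PE32 image, not the sample: header values from the report, section
    layout assumed (.text at RVA 0x1000, an RWX .data at RVA 0x17000 holding the entry)."""
    hdr = bytearray(0x400)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)
    hdr[0x80:0x84] = b"PE\0\0"
    struct.pack_into(COFF_FMT, hdr, 0x84, 0x14C, 2, 1385864714, 0, 0, 224, 0x0102)
    struct.pack_into(OPT32_FMT, hdr, 0x98, 0x10B, 9, 0, 0x4600, 0x1000, 0, 0x17526, 0x1000,
                     0x6000, 0x400000, 0x1000, 0x200, 4, 0, 0, 0, 4, 0, 0, 0x18000, 0x400, 0,
                     2, 0x8000, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    struct.pack_into(SECT_FMT, hdr, 0x178, b".text", 0x4600, 0x1000, 0x200, 0x400, 0, 0, 0, 0, 0x60000020)
    struct.pack_into(SECT_FMT, hdr, 0x1A0, b".data", 0x1000, 0x17000, 0x600, 0x600, 0, 0, 0, 0, 0xE0000040)
    text = bytes(range(256)) * 2                          # 0x200 bytes of constructed filler
    data = bytearray(0x600)
    data[0x526:0x526 + len(ENTRY_BYTES)] = ENTRY_BYTES    # RVA 0x17526 -> file offset 0xB26
    return bytes(hdr) + text + bytes(data)


if __name__ == "__main__":
    for key, value in parse_pe(build_demo_pe()).items():
        print(f"{key}: {value:#x}" if isinstance(value, int) and not isinstance(value, bool) else f"{key}: {value}")
```

On the constructed image the parser reports the same linker, OS version, subsystem and timestamp as the page, places the entry point in a non-code section beyond BaseOfCode + SizeOfCode, and classifies the entry bytes as a plain function frame rather than a CRT stub. Those three findings together are what distinguish "compiled with Visual C++" from "a Visual C++ stub wrapped around something else".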

Powered by Reason Core Security