UpDate.exe

VStart 更新

Shanghai Tuizhong Network Technology Studio

The application UpDate.exe by Shanghai Tuizhong Network Technology Studio has been detected as a potentially unwanted program by 3 anti-malware scanners.
Publisher:
MTT  (signed by Shanghai Tuizhong Network Technology Studio)

Product:
VStart 更新

Version:
2.00

MD5:
71effe1997f009a0158c8fd65b0412dd

SHA-1:
8307d72755830cfd4eba8af227d2261650d1bac0

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 1:15:47 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| McAfee | Artemis!71EFFE1997F0 | 5600.7074 |
| Reason Heuristics | Adware.Downloader.STN.Meta (M) | 16.3.2.22 |
| VIPRE Antivirus | Trojan-Downloader.Trojan | 30914 |

File size:
42 KB (42,960 bytes)

Product version:
2.00

Original file name:
UpDate.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (PRC)

Common path:
C:\Program Files\vstart50\update.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/7/2012 8:00:00 AM

Valid to:
5/8/2013 7:59:59 AM

Subject:
CN=Shanghai Tuizhong Network Technology Studio, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Shanghai Tuizhong Network Technology Studio, L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
168C50E807302FBEE40FD964EF54E7FA

File PE Metadata
Compilation timestamp:
5/26/2012 11:10:55 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
384:zmAacH+UlMz/V+XfJpkewyaZYmz39SUTIq/K8RUgyqfK8RUgQQdQDuuDKWyZYHXP:z/DeUChgeeazrgUTJQDjaOGIILlS

Entry address:
0x1618

Entry point:
68, 08, 1A, 40, 00, E8, EE, FF, FF, FF, 00, 00, 40, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 36, FB, E2, D1, 81, 54, 95, 46, A9, E3, 41, 7A, 87, ED, 8C, 42, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 0D, 0A, 45, 6E, 64, 0D, 55, 70, 44, 61, 74, 65, 00, 75, 00, 65, 20, 56, 42, 5F, 4E, 61, 00, 00, 00, 00, 88, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 01, 00, 00, 00, 8A, B1, D4, 70, B6, A6, 38, 40, 8A, 2A, ED, C1, D7, B3, FC, 05, 01, 00, 00, 00, 98, 00, 00, 00, A8, 00, 00, 00, 01, 00, 00, 00...
 

Entropy:
4.9738

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
24 KB (24,576 bytes)
