UPDATE.EXE

System operacyjny Microsoft Windows

Microsoft Corporation

While the file properties state that the file was developed by 'Microsoft Corporation', this is not the case; it is designed to look like a legitimate Microsoft system file. The executable UPDATE.EXE, “Instalator dodatku Service Pack systemu Windows” (Windows Service Pack installer), has been detected as malware by 8 anti-virus scanners, most of which identify it as the Mabezat worm.
Publisher:
Microsoft Corporation (signed and verified)

Product:
System operacyjny Microsoft® Windows®

Description:
Instalator dodatku Service Pack systemu Windows

Version:
6.1.0022.4 (SRV03_QFE.031113-0918)

MD5:
44b7e5ba16dff46effe259a3549e7c96

SHA-1:
a142e568f9263818577077e81ad66c61bd85e77a

SHA-256:
2ace0890202de8e90196cbb1975d757b4a098ba1fab0138d39e276aed73f515b

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
4/26/2024 4:49:38 PM UTC

Scan engine: Detection (Engine version)

avast!: Win32:Mabezat [Wrm] (160205-1)
AVG: Win32/Mabezat (2015.0.4477)
Dr.Web: Win32.HLLW.Tazebama (9.0.1.05190)
ESET NOD32: Win32/Mabezat.A virus (7.0.302.0)
Kaspersky: Worm.Win32.Mabezat (15.0.0.562)
McAfee: Virus.W32/Mabezat.a (18.0.204.0)
Microsoft Security Essentials: Threat.Undefined (1.213.5996.0)
VIPRE Antivirus: Threat.303962 (47028)

File size:
861.6 KB (882,255 bytes)

Product version:
6.1.0022.4

Copyright:
© Microsoft Corporation. Wszelkie prawa zastrzeżone.

Original file name:
UPDATE.EXE

File type:
Executable application (Win32 EXE)

Language:
Polish

Common path:
C:\windows\softwaredistribution\download\1a3368e8311d74a252431bc3abc613da\update\update.exe

Digital Signature
Authority:
Microsoft Corporation

Valid from:
1/5/2005 11:20:19 PM

Valid to:
4/5/2006 11:30:19 PM

Subject:
CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, OU=Copyright (c) 2000 Microsoft Corp., O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
6105875800030000005A

File PE Metadata
Compilation timestamp:
2/24/2005 8:57:32 PM

OS version:
5.2

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
12288:XDmTB+aMygg8AeIrUQ6EKnx3f+qYiSwnGeKtWTlPA:XCTYNg8Axr76Vx3flYiSwGeKtWT9A

Entry address:
0x66A11

Entry point:
BB, CC, 04, 1F, F6, 93, E9, 20, 01, 00, 00, 05, AB, 0E, 0A, B6, 3A, 0E, 0A, 6E, A0, 99, 8E, 8E, 0E, 8E, 8E, 95, 8E, 8E, 8E, ED, BF, C4, BF, BE, BF, C7, C5, C4, 8E, 8E, 8E, 02, EF, 08, F3, F0, EF, FB, EF, BC, F2, FA, FA, 8E, 8E, 8E, 8E, EA, 8E, 8E, 8E, D4, 00, F3, F3, DA, F7, F0, 00, EF, 00, 07, 8E, D1, 00, F3, EF, 02, F3, D2, F7, 00, F3, F1, 02, FD, 00, 07, CF, 8E, 8E, 8E, 8E, D5, F3, 02, E5, F7, FC, F2, FD, 05, 01, D2, F7, 00, F3, F1, 02, FD, 00, 07, CF, 8E, 8E, 8E, 8E, D5, F3, 02, DB, FD, F2, 03, FA, F3...

Code size:
569 KB (582,656 bytes)

Remove UPDATE.EXE - Powered by Reason Core Security