update.exe

Link Data Security A/S

The executable update.exe has been detected as malware by 7 anti-virus scanners.
Publisher:
Link Data Security A/S  (signed and verified)

MD5:
dcfa5aa953a2a58fe742883ae89394c6

SHA-1:
e2103ed6301c17fcd45c8e1aa50258bd13499ad2

SHA-256:
c74dccefaa1e8dc50ff0cd60448cab6702eacf32d5d2d902398c7656c97b8342

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
4/26/2024 11:02:23 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Symmi.14986 | 70
Bitdefender | Gen:Variant.Symmi.14986 | 1.0.20.1650
F-Secure | Gen:Variant.Symmi.14986 | 11.2016-25-11_6
G Data | Gen:Variant.Symmi.14986 | 16.11.24
IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.8.5.0
MicroWorld eScan | Gen:Variant.Symmi.14986 | 17.0.0.990
Rising Antivirus | PE:HackTool.Obfuscator!1.9D0B | 23.00.65.161123

File size:
1.9 MB (1,960,624 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\update.exe

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
4/14/2008 4:51:31 PM

Valid to:
4/14/2010 4:51:31 PM

Subject:
CN=Link Data Security A/S, OU=Secure Application Development, O=Link Data Security A/S, L=Copenhagen, S=Copenhagen, C=DK

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
113C0EB86CB9137624A4C4DEF8095435

File PE Metadata
Compilation timestamp:
11/13/2008 9:51:27 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

CTPH (ssdeep):
49152:j9g6mnLoM4jTjrGL4TwTrMfh100DVBjXT/yuuuuuuuuuuuuuuuuuuuuuuuuuuuuV:j9gLh4jTj2MwToJ1N/yuuuuuuuuuuuuV

Entry address:
0x1652

Entry point:
6A, 00, E8, 07, 02, 00, 00, A3, 90, 30, 40, 00, E8, EB, 01, 00, 00, A3, 94, 30, 40, 00, 68, F0, 30, 40, 00, 6A, 01, FF, 35, 94, 30, 40, 00, E8, 33, FC, FF, FF, 85, C0, 75, 15, 54, 68, 03, 30, 40, 00, 68, F8, 32, 40, 00, E8, 24, FA, FF, FF, E9, 3D, 01, 00, 00, 68, 88, 13, 00, 00, 68, F0, 30, 40, 00, E8, 48, 01, 00, 00, 73, 1D, 68, F0, 30, 40, 00, 54, 68, 20, 30, 40, 00, 68, F8, 32, 40, 00, E8, F9, F9, FF, FF, 83, C4, 04, E9, 0F, 01, 00, 00, 68, F0, 30, 40, 00, E8, 36, FD, FF, FF, 2D, F0, 30, 40, 00, 50, 68...
 

Packer / compiler:
TASM / MASM

Code size:
2.5 KB (2,560 bytes)
