update.exe

The executable update.exe has been detected as malware by 38 anti-virus scanners.
MD5: 1819fcf7976a39d32244e39524da1820
SHA-1: e691874a71e31c7c0e0e74018bd690faa8ff483d
SHA-256: 1fd1aa83dde2608a5fba85153b8125c5dd17aa8e545ca8f61f5821ea119c6da5
Scanner detections: 38 / 68
Status: Malware
Analysis date: 4/25/2024 10:40:00 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Backdoor.Agent.AASN | 701
Agnitum Outpost | Trojan.Agent2 | 7.1.1
AhnLab V3 Security | HEUR/Fakon.mwf | 2014.11.25
Avira AntiVirus | TR/Patched.Ren.Gen | 7.11.188.174
avast! | Win32:Vitro | 2014.9-150305
AVG | Worm/Generic | 2016.0.3179
Baidu Antivirus | Trojan.Win32.Agent | 4.0.3.1535
Bitdefender | Backdoor.Agent.AASN | 1.0.20.320
Bkav FE | W32.UpdateUSBA | 1.3.0.4959
Clam AntiVirus | Win.Trojan.Agent-368273 | 0.98/21511
Comodo Security | TrojWare.Win32.Trojan.Agent2.~crp | 20192
Dr.Web | Trojan.MulDrop4.55815 | 9.0.1.064
Emsisoft Anti-Malware | Backdoor.Agent.AASN | 8.15.03.05.09
ESET NOD32 | Win32/Agent.NEC | 9.10778
Fortinet FortiGate | W32/Rotinom.SME!tr | 3/5/2015
F-Prot | W32/Agent.VH.gen | v6.4.7.1.166
F-Secure | Backdoor.Agent.AASN | 11.2015-05-03_5
G Data | Backdoor.Agent.AASN | 15.3.24
IKARUS anti.virus | Trojan.Win32.Agent | t3scan.1.8.3.0
K7 AntiVirus | Trojan | 13.185.14134
Kaspersky | Trojan.Win32.Agent | 14.0.0.2390
Malwarebytes | Backdoor.Agent | v2015.03.05.09
McAfee | W32/Rotinom | 5600.6835
Microsoft Security Essentials | Worm:Win32/Folstart.A | 1.11202
MicroWorld eScan | Backdoor.Agent.AASN | 16.0.0.192
NANO AntiVirus | Trojan.Win32.Agent2.wefwk | 0.28.6.63726
Norman | Malware | 11.20150305
nProtect | Trojan/W32.Agent2.223698 | 14.11.25.01
Qihoo 360 Security | Worm.Win32.FakeFolder.CT | 1.0.0.1015
Quick Heal | Worm.Folstart.A2 | 3.15.14.00
Rising Antivirus | PE:Worm.Win32.Autorun.tic!1541763 | 23.00.65.15303
Sophos | Mal/Behav-043 | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Rotinom | 10015
Total Defense | Win32/Rimecud.AUC | 37.0.11298
Trend Micro House Call | WORM_ROTINOM.SME | 7.2.64
Trend Micro | WORM_ROTINOM.SME | 10.465.05
Vba32 AntiVirus | Trojan.Agent | 3.12.26.3
ViRobot | Trojan.Win32.Agent.97792.L | 2011.4.7.4223

File size: 218.5 KB (223,698 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\appdata\local\start\update.exe

File PE Metadata
Compilation timestamp: 5/31/2009 3:03:47 PM
OS version: 5.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 9.0
CTPH (ssdeep): 1536:DqilUaT+/RAc23laPLXkyqSz5xZBQlgK:Dwn6c2VLSz5xZBb
Entry address: 0x40D9

Entry point:
E8, 58, 35, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, F8, 0F, 41, 00, 89, 0D, F4, 0F, 41, 00, 89, 15, F0, 0F, 41, 00, 89, 1D, EC, 0F, 41, 00, 89, 35, E8, 0F, 41, 00, 89, 3D, E4, 0F, 41, 00, 66, 8C, 15, 10, 10, 41, 00, 66, 8C, 0D, 04, 10, 41, 00, 66, 8C, 1D, E0, 0F, 41, 00, 66, 8C, 05, DC, 0F, 41, 00, 66, 8C, 25, D8, 0F, 41, 00, 66, 8C, 2D, D4, 0F, 41, 00, 9C, 8F, 05, 08, 10, 41, 00, 8B, 45, 00, A3, FC, 0F, 41, 00, 8B, 45, 04, A3, 00, 10, 41, 00, 8D, 45, 08, A3, 0C, 10, 41...
 

Entropy: 2.9000
Code size: 46 KB (47,104 bytes)

User Start Menu Item
Name: update.exe

