UpdatePlatform.exe

Update Platform Application

Beijing Zhihuimen Techology co,.Ltd

The application UpdatePlatform.exe by Beijing Zhihuimen Techology co,.Ltd has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. It is also the uninstaller utility registered in the Windows Control Panel for the program Tools Update Platform by Beijing Zhihuimen Techology co,.Ltd, and it is typically installed with that program.
Publisher:
Beijing Zhihuimen Techology co,.Ltd  (signed and verified)

Product:
Update Platform Application

Version:
1.1.0.15722

MD5:
a0df23f5407de8dd4d2dabc57e7f8a89

SHA-1:
1b2189dbb62d28ad59a72d8305f8935a0a5e5a5d

SHA-256:
f62542f0cf83594fe1ca1b4d34b842925479006f0729841a775424bc48ce53b3

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/30/2024 5:32:38 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.TopTools (M)

Engine version:
16.8.27.10

File size:
562.9 KB (576,456 bytes)

Product version:
1.1.0.15722

Copyright:
Copyright (C) 2015

Original file name:
UpdatePlatform.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\toolsupdateplatform\updateplatform.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/20/2015 7:00:00 AM

Valid to:
3/20/2016 6:59:59 AM

Subject:
CN="Beijing Zhihuimen Techology co,.Ltd", OU=Dev, O="Beijing Zhihuimen Techology co,.Ltd", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3CD09515CC4DCE7B71D57D559E0AF51C

File PE Metadata
Compilation timestamp:
6/16/2015 5:44:48 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:uW0+8msp+6l/zoTgeFK1t+Cb2gzCFp0CpQ2pn2iZCdi/2p1gNOIU+OLwh:jHsp+6l/Ue9CdpQ2pNwdi/4mNOIU+4wh

Entry address:
0x4DAEA

Entry point:
E8, 46, BC, 00, 00, E9, 79, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 80, F9, 40, 73, 15, 80, F9, 20, 73, 06, 0F, A5, C2, D3, E0, C3, 8B, D0, 33, C0, 80, E1, 1F, D3, E2, C3, 33, C0, 33, D2, C3, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 00, 01, 00, 00, 72, 0E, 83, 3D, 40, DD, 47, 00, 00, 74, 05, E9, D6, BC, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1...

Entropy:
6.3943

Code size:
411.5 KB (421,376 bytes)

Program Uninstaller
Program name:
Tools Update Platform

Display publisher:
Beijing Zhihuimen Techology co,.Ltd

Display version:
1.1.0.15722

Uninstall string:
C:\Program Files (x86)\ToolsUpdatePlatform\UpdatePlatform.exe Uninstall Force


Scheduled Task
Task name:
ToolsUpdatePlatform_ScheduledTask

Trigger:
Logon (Runs on logon)

Description:
Tools update check when system start.


The file UpdatePlatform.exe has been discovered within the following program.

Tools Update Platform  by Beijing Zhihuimen Techology co,.Ltd
About 6% of users remove it

The executing file has been seen to make the following network communications in live environments.

