UpdatePlatform.exe

Update Platform Application

Beijing Zhihuimen Techology co,.Ltd

The application UpdatePlatform.exe by Beijing Zhihuimen Techology co,.Ltd has been detected as a potentially unwanted program by 3 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered each time a user logs in. It is also the uninstaller utility registered in the Windows Control Panel for the program Tools Update Platform by Beijing Zhihuimen Techology co,.Ltd, and the file is typically installed with that program.
Publisher:
Beijing Zhihuimen Techology co,.Ltd  (signed and verified)

Product:
Update Platform Application

Version:
1.1.0.15773

MD5:
e7d9b291a1094a2da28a5cb57b4f064f

SHA-1:
b878a3a107e682052a6e9436fad17b1c35167316

SHA-256:
672a53c696523b254ec88e7b00183cb427e4de0681dc84dec5a0912665655cd8

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
4/30/2024 3:31:38 AM UTC

Scan engine | Detection | Engine version
Dr.Web | Adware.TopTools.1 | 9.0.1.05190
ESET NOD32 | Win32/Toptools.A potentially unwanted application | 8.0.319.0
Reason Heuristics | Adware.Toptools.BeijingZ.Meta (M) | 16.6.16.18

File size:
620.2 KB (635,128 bytes)

Product version:
1.1.0.15773

Copyright:
Copyright (C) 2015

Original file name:
UpdatePlatform.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\toolsupdateplatform\updateplatform.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/20/2015 7:00:00 AM

Valid to:
3/20/2016 6:59:59 AM

Subject:
CN="Beijing Zhihuimen Techology co,.Ltd", OU=Dev, O="Beijing Zhihuimen Techology co,.Ltd", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3CD09515CC4DCE7B71D57D559E0AF51C

File PE Metadata
Compilation timestamp:
7/7/2015 1:49:46 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:wmEc9de1x4jtdyc/an2o/SZcMgOJpT/tEB/rATgBuOuixiR/5ilp5Rh0Ec06KGHM:wmbe1x4jfyaa2omtEGTSXxiR/azh0062

Entry address:
0x5460A

Entry point:
E8, E4, E2, 00, 00, E9, 79, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 80, F9, 40, 73, 15, 80, F9, 20, 73, 06, 0F, A5, C2, D3, E0, C3, 8B, D0, 33, C0, 80, E1, 1F, D3, E2, C3, 33, C0, 33, D2, C3, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 00, 01, 00, 00, 72, 0E, 83, 3D, C4, D3, 48, 00, 00, 74, 05, E9, 74, E3, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1...
Entropy:
6.4307

Code size:
457.5 KB (468,480 bytes)

Program Uninstaller
Program name:
Tools Update Platform

Display publisher:
Beijing Zhihuimen Techology co,.Ltd

Display version:
1.1.0.15773

Uninstall string:
C:\Program Files (x86)\ToolsUpdatePlatform\UpdatePlatform.exe Uninstall Force


Scheduled Task
Task name:
ToolsUpdatePlatform_ScheduledTask

Trigger:
Logon (Runs on logon)

Action:
updateplatform.exe update system

Description:
Tools update check when system start.


The file UpdatePlatform.exe has been discovered within the following programs.

Tools Update Platform  by Beijing Zhihuimen Techology co,.Ltd
About 6% of users remove it

The executing file has been seen to make the following network communications in live environments.

