» upgrade.exe
Overview
Analysis
File Details

upgrade.exe

BlueSprig

The executable upgrade.exe, “JetClean Upgrade Programe” has been detected as malware by 33 anti-virus scanners. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download.

File name:

upgrade.exe

Publisher:

BlueSprig

Description:

JetClean Upgrade Programe

Version:

1.0.6.6

MD5:

494ccc28e7cc7f4f6f73d8c76e9f7b40

SHA-1:

cc847a03b4be779768280154bbb6cd2cad9b433c

SHA-256:

192e7c67afa2447fbf55d517f998fb11f52431d2de763b27b1c453dbd103cdac

Scanner detections:

33 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

4/19/2024 12:30:36 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Win32.Sality.3

6485650

Agnitum Outpost

Win32.Sality.FA.Gen

7.1.1

AhnLab V3 Security

Win32/Kashu.E

2015.01.31

Avira AntiVirus

W32/Sality.AT

7.11.30.172

avast!

Win32:Sality

150101-1

AVG

Win32/Sality

2014.0.4253

Baidu Antivirus

Virus.Win32.Sality.$Emu

4.0.3.15130

Bitdefender

Win32.Sality.3

1.0.20.150

Bkav FE

W32.Sality.PE

1.3.0.6379

Emsisoft Anti-Malware

Win32.Sality

9.0.0.4799

ESET NOD32

Win32/Sality.NBA virus

7.0.302.0

F-Prot

W32/Sality.gen2

4.6.5.141

F-Secure

Win32.Sality.3

5.13.68

G Data

Win32.Sality

15.1.25

IKARUS anti.virus

Virus.Win32.Gaelicum

t3scan.1.8.6.0

K7 AntiVirus

Virus

13.193.14814

Kaspersky

Virus.Win32.Sality

15.0.0.543

McAfee

Virus.W32/Sality.gen.z

16.8.708.2

Microsoft Security Essentials

Threat.Undefined

1.191.3639.0

MicroWorld eScan

Win32.Sality.3

16.0.0.90

NANO AntiVirus

Virus.Win32.Sality.bzkem

0.30.0.65070

Norman

Win32.Sality.3

03.12.2014 13:20:04

nProtect

Win32.Sality.3

15.01.30.01

Panda Antivirus

W32/Sality.AA

15.01.30.11

Quick Heal

W32.Sality.U

1.15.14.00

Sophos

Virus 'Mal/Sality-D'

5.09

Total Defense

Win32/Sality.AA

37.0.11411

Trend Micro House Call

PE_SALITY.ER

7.2.30

Trend Micro

PE_SALITY.ER

10.465.30

Vba32 AntiVirus

Virus.Win32.Sality.bakb

3.12.26.3

VIPRE Antivirus

Threat.4758034

36694

ViRobot

Win32.Sality.N[h]

2014.3.20.0

Zillya! Antivirus

Virus.Sality.Win32.20

2.0.0.2049

File size:

583.9 KB (597,872 bytes)

Product version:

1.0.0.0

Trademarks:

BlueSprig

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\bluesprig\jetclean\upgrade.exe

File PE Metadata

Compilation timestamp:

9/23/2011 8:23:49 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:yGw6tGhPQf1iYiVBJd1Fr2WNYX4Q2i0888888888888W88888888888ra0WL:J7Gh4f1ijBFLYXtaa0WL

Entry address:

0x647E4

Entry point:

EB, 02, 13, FB, 68, 58, 0A, 96, 00, 50, F6, C3, 54, BA, EA, 98, 12, 5F, 43, 55, 81, FF, C7, 64, 00, 00, 76, 05, 84, E7, C6, C1, 77, E8, 16, 00, 00, 00, C7, C2, 13, 12, 11, D5, EB, 0C, 86, CA, 0F, AF, DE, 85, EB, 34, 9A, C6, C1, F6, 03, EF, 84, FF, EB, 01, 48, B3, 5A, 81, FD, AF, 29, 00, 00, 5E, 0F, 6E, CE, 85, D8, 0F, BF, EB, 0F, C8, 8A, E1, 15, 7D, 55, AF, 4D, 8D, 15, 40, B0, 03, 00, 81, EA, 3E, B0, 03, 00, 25, DE, F8, 8D, CF, 8B, DA, 2A, EB, 69, DB, E9, 08, 00, 00, EB, 02, 0F, C9, 2B, FB, 74, 0A, F7, D8... 
[+]

Packer / compiler:

FSG v1.10 (Microsoft Visual C++ 6.0 / 7.0)

Code size:

395 KB (404,480 bytes)

Remove upgrade.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.