home

upr.exe

The application upr.exe has been detected as a potentially unwanted program by 14 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to automatically run when the computer boots.
Version:
1.1.8.15217

MD5:
5ede18385e3fcff82e611d67b98936af

SHA-1:
ee488049641f7e8c14c5d599467c0bb8a40ef4ed

SHA-256:
9a2e867fa2b31b8d8cd83595d10149a253241765b2cb6b8754732b71af426c2a

Scanner detections:
14 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Analysis date:
4/18/2024 7:42:26 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Kazy.657482
523

Arcabit
Trojan.Kazy.DA084A
1.0.0.425

avast!
MSIL:Vittalia-B [Adw]
2014.9-150830

AVG
Generic6
2016.0.3001

Baidu Antivirus
PUA.MSIL.Vittalia
4.0.3.15830

Bitdefender
Gen:Variant.Kazy.657482
1.0.20.1210

Emsisoft Anti-Malware
Gen:Variant.Kazy.657482
8.15.08.30.08

ESET NOD32
MSIL/Vittalia.AC potentially unwanted (variant)
9.12053

F-Prot
W32/S-e537b3f5
v6.4.7.1.166

F-Secure
Gen:Variant.Kazy.657482
11.2015-30-08_1

G Data
Gen:Variant.Kazy.657482
15.8.25

IKARUS anti.virus
PUA.MSIL.Vittalia
t3scan.1.9.5.0

MicroWorld eScan
Gen:Variant.Kazy.657482
16.0.0.726

Reason Heuristics
PUP.Vitallia.Bundler.Meta (M)
15.8.30.20

File size:
62.5 KB (64,000 bytes)

Product version:
1.1.8.15217

Copyright:
Copyright © 2014

Original file name:
Up4ProtW8.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\windows\upr.exe

File PE Metadata
Compilation timestamp:
8/6/2015 12:32:48 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:CtvtJYSY3ys+7Mcyz/EoGQSDuYxUyhy0ji9zmN0XqNuoyJu5DkHN8V/PTXQYRYcS:ChrY3J+7McqEXQhLyESi9zmyt8VF04

Entry address:
0x1053E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
57.5 KB (58,880 bytes)

Scheduled Task
Task name:
Google Update

Trigger:
Boot (Runs on boot)


Remove upr.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.