UranUpdate.exe

uCozMedia UranUpdate

Limited Liability Company Ucoz Media

The application UranUpdate.exe by Limited Liability Company Ucoz Media has been detected as adware by 2 anti-malware scanners. It runs as a scheduled task named uCozMediaUranUpdateTaskUserSID under the Windows Task Scheduler, triggered daily at a specified time.

Publisher:
uCoz Media LLC  (signed by Limited Liability Company Ucoz Media)

Product:
uCozMedia UranUpdate

Version:
1.3.25.0

MD5:
7067d3d81fcdcab93161eb305e3b8be0

SHA-1:
76cda1e440bb8fb1624b68788a48c5862df9e191

SHA-256:
2ede58e591aed96f772ca25dded9418e5485bae4bc36a29668b1ed32bfb996af

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
4/16/2024 2:54:05 AM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.Task.LimitedLiabilityCompanyUcozMedia | 15.3.20.18
Rising Antivirus | PE:Trojan.GenericKDV!6.B5C | 23.00.65.14722

File size:
142.1 KB (145,536 bytes)

Product version:
1.3.25.0

Copyright:
© uCoz Media LLC, 2007–2010 гг.

Original file name:
UranUpdate.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\ucozmedia\uranupdate\uranupdate.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
3/16/2012 11:17:49 PM

Valid to:
3/17/2014 11:17:49 PM

Subject:
E=alexzander@ucoz.com, CN=Limited Liability Company Ucoz Media, OU=Bagrationovskiy proyezd, O=Limited Liability Company Ucoz Media, L=Moscow, S=Moscow, C=RU

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121B28BB43AF25490AA12229BA614435817

File PE Metadata
Compilation timestamp:
10/31/2013 6:55:38 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:XU9hcjLsXSzv4Alc8XjQ2I+iPLsllkeYCLlGPFGQEKZ60+Ul1wZcS98JrD7jH4gd:8hQLsXMv3NXdI+S6K

Entry address:
0x4DF6

Entry point:
E8, 3B, 24, 00, 00, E9, 79, FE, FF, FF, 6A, 0C, 68, 38, 31, 41, 00, E8, 84, 00, 00, 00, 8B, 75, 08, 85, F6, 74, 75, 83, 3D, 9C, 0C, 41, 00, 03, 75, 43, 6A, 04, E8, 25, 26, 00, 00, 59, 83, 65, FC, 00, 56, E8, 4D, 26, 00, 00, 59, 89, 45, E4, 85, C0, 74, 09, 56, 50, E8, 6E, 26, 00, 00, 59, 59, C7, 45, FC, FE, FF, FF, FF, E8, 0B, 00, 00, 00, 83, 7D, E4, 00, 75, 37, FF, 75, 08, EB, 0A, 6A, 04, E8, 11, 25, 00, 00, 59, C3, 56, 6A, 00, FF, 35, 04, F7, 40, 00, FF, 15, 7C, 10, 41, 00, 85, C0, 75, 16, E8, F0, 06, 00...
 
Entropy:
5.7063

Code size:
51.5 KB (52,736 bytes)

Scheduled Task
Task name:
uCozMediaUranUpdateTaskUserSID

Trigger:
Daily (Runs daily at 11:17 PM)

Action:
uranupdate.exe \c

Description:
Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnera


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to ec2-54-225-90-246.compute-1.amazonaws.com  (54.225.90.246:443)
