» WebUpdate.dll
Overview
Analysis
File Details
Behaviors (1)

WebUpdate.dll

Guangzhou Yixi Computer Technology Co., Ltd.

File name:

WebUpdate.dll

Publisher:

onekm (signed by Guangzhou Yixi Computer Technology Co., Ltd.)

Product:

onekm

Description:

在线升级模块

Version:

1,0,0,3

MD5:

23b2e1fc3d37c1b2c1fbb7a5c1a62fe9

SHA-1:

89f7ba6c9c05a1b02bc93cc6f9cc2023c33a22fa

SHA-256:

3c02bdb1e32e7d157364952df1dbbfa2c0db6af4e0c74da7c5bd1d7becf290f2

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/19/2024 6:28:29 PM UTC (today)

File size:

252.1 KB (258,160 bytes)

Product version:

1,0,0,3

Original file name:

WebUpdate.dll

File type:

Dynamic link library (Win32 DLL)

Common path:

C:\Windows\System32\webupdate.dll

Digital Signature

Signed by:

Guangzhou Yixi Computer Technology Co., Ltd.

Authority:

WoSign, Inc.

Valid from:

3/1/2010 8:00:00 AM

Valid to:

3/1/2013 7:59:59 AM

Subject:

CN="Guangzhou Yixi Computer Technology Co., Ltd.", OU=Class 3 - for Microsoft Authenticode Signing, O="Guangzhou Yixi Computer Technology Co., Ltd.", L=Guangzhou, S=Guangdong, C=CN

Issuer:

CN=WoSign Code Signing Authority, O="WoSign, Inc.", C=US

Serial number:

1FA47AB5ED5FDDE0AEFD8B1A4EB2B76B

Registration

CLSIDs:

{063DD916-B0C4-4E8D-AB10-405DE5EE46F1}, {47518D81-944F-43DD-B599-C383F71879F0}, {9DA68050-BED3-49B8-B379-A3F363B3BB49}

ProgIDs:

WebUpdate.Update.1, WebUpdate.FolderTree.1

COM registered:

Yes

File PE Metadata

Compilation timestamp:

8/4/2011 11:27:35 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

7.10

CTPH (ssdeep):

3072:zUVnGZuLNhYFVBMdezMsTjB1rVIV4VmV2VIV0VxFNuyDa/s2TSM+N:oGuctML2P3m/sa5C

Entry address:

0x14E63

Entry point:

6A, 0C, 68, 00, AD, 01, 10, E8, 45, 01, 00, 00, 33, C0, 40, 89, 45, E4, 33, FF, 89, 7D, FC, 8B, 75, 0C, 3B, F7, 75, 0C, 39, 3D, 0C, 2A, 03, 10, 0F, 84, AC, 00, 00, 00, 3B, F0, 74, 05, 83, FE, 02, 75, 31, A1, 78, 2A, 03, 10, 3B, C7, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D0, 89, 45, E4, 39, 7D, E4, 0F, 84, 85, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, E5, FE, FF, FF, 89, 45, E4, 3B, C7, 74, 72, 8B, 5D, 10, 53, 56, FF, 75, 08, E8, DC, CC, FE, FF, 89, 45, E4, 83, FE, 01, 75, 0E, 3B, C7, 75, 0A, 53, 57, FF... 
[+]

Entropy:

4.2835

Developed / compiled with:

Microsoft Visual C++ v7.1

Code size:

92 KB (94,208 bytes)

ActiveX Install

Name:

{063DD916-B0C4-4E8D-AB10-405DE5EE46F1}

Scan WebUpdate.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.