updatewind.exe

Remote Manipulator System

Usoris Systems

The application updatewind.exe by Usoris Systems has been detected as a potentially unwanted program by 15 anti-malware scanners.
Publisher:
TektonIT  (signed by Usoris Systems)

Product:
Remote Manipulator System

Description:
RMS

Version:
6.3.0.5

MD5:
c337caabadf7714c753599f39afd1973

SHA-1:
e89d192d7bda6a26b4d8fe364f4694a14cc2aa3e

SHA-256:
52f5411458fa1d02a647c14a25f3b8cd431660b7ad9c62dce6537bae2fea8e37

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
7/13/2025 2:11:34 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.RemoteAdmin.DJ | 7.1.1 |
| AhnLab V3 Security | Unwanted/Win32.RemoteAdmin | 2016.03.09 |
| Avira AntiVirus | BDS/Backdoor.Gen2 | 8.3.3.2 |
| AVG | RemoteAdmin | 2017.0.2802 |
| Bkav FE | W32.HfsAdware | 1.3.0.7717 |
| ESET NOD32 | Win32/RemoteAdmin.RemoteUtilities.H potentially unsafe (variant) | 10.13148 |
| G Data | Win32.Application.Agent.72MSO4 | 16.3.25 |
| Kaspersky | not-a-virus:RemoteAdmin.Win32.RMS | 14.0.0.506 |
| McAfee | PUP-RGEJ | 5600.6458 |
| Panda Antivirus | Trj/CI.A | 16.03.16.05 |
| Qihoo 360 Security | Win32/Virus.RemoteAdmin.cac | 1.0.0.1120 |
| Rising Antivirus | PE:Malware.Generic(Thunder)!1.A1C4 [F] | 23.00.65.16314 |
| Sophos | Generic PUA OI (PUA) | 4.98 |
| VIPRE Antivirus | Trojan.Win32.Generic | 47736 |
| Zillya! Antivirus | Trojan.Injector.Win32.331414 | 2.0.0.2709 |

File size:
5.1 MB (5,350,840 bytes)

Product version:
6.3.0.5

Copyright:
Copyright © 2015 TektonIT. All rights reserved.

Trademarks:
Remote Manipulator System, TektonIT

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\ehome\ascon\updatewind.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
2/2/2015 2:00:00 AM

Valid to:
5/4/2017 2:59:59 AM

Subject:
CN=Usoris Systems, O=Usoris Systems, L=Victoria, S=Mahe, C=SC

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
2810859351B08906D00293C09A255A

File PE Metadata
Compilation timestamp:
6/26/2015 3:14:28 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:8jR6DGsvhIPBzEoZ6SNbpJjwsmozStrH45/oYEt0DDniukopJlqTKTPmcFeIMwmC:8jAL+p5Us55E0D+3oTFqlu

Entry address:
0x41D388

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, EC, 4F, 80, 00, E8, AF, 29, BF, FF, 8B, 1D, D0, 31, 83, 00, A1, 64, 2A, 83, 00, 83, 38, 06, 7C, 05, E8, 5E, AF, BF, FF, E8, E9, 7B, FE, FF, 8B, 03, B2, 01, E8, 4C, 89, E0, FF, 8B, 03, E8, FD, 6B, E0, FF, 8B, 03, BA, 04, D4, 81, 00, E8, 21, 66, E0, FF, 8B, 03, C6, 40, 6F, 00, 8B, 0D, A0, 2D, 83, 00, 8B, 03, 8B, 15, 0C, B8, 7F, 00, E8, F0, 6B, E0, FF, 8B, 03, E8, 45, 6D, E0, FF, 5B, E8, 2F, CE, BE, FF, 00, 00, 00, B0, 04, 02, 00, FF, FF, FF, FF, 27, 00, 00, 00, 52, 00, 65, 00...

Developed / compiled with:
Microsoft Visual C++

Code size:
4.1 MB (4,307,456 bytes)
