28d72upd

Universal Shield

Everstrike OOO

The file 28d72upd by Everstrike OOO has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is also typically executed from the user's temporary directory.

Publisher:
Everstrike Software (signed by Everstrike OOO)

Product:
Universal Shield

Version:
4.7.0.0

MD5:
0e93f553b125e61a966949d8403f112a

SHA-1:
de34b683b945ca59ad94b86efaca27ec207a9a99

SHA-256:
10f52c891fb2c30ce88aafb16caa64529ed0a950d6d245d5d2abf6fe03df0b05

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/14/2024 3:13:26 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Everstri (M)

Engine version:
16.5.15.23

File size:
2.3 MB (2,365,080 bytes)

Product version:
4.7.0.0

Copyright:
Copyright © 2001-2012

Trademarks:
Universal Shield

Original file name:
USPro.exe

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\28d72sje\28d72upd

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
12/28/2011 9:00:00 PM

Valid to:
1/12/2013 8:59:59 PM

Subject:
CN=Everstrike OOO, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Everstrike OOO, L=Ulyanovsk, S=Ulyanovsk, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
641E267F3D0313EEED9D86E2C36B2260

File PE Metadata
Compilation timestamp:
3/17/2012 2:47:29 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:Mi+Gm2Lxua5+JpEPP9bUjP4vsezqRsa4kPi0g:n+Gm6P30wqmaxPG

Entry address:
0x46D006

Entry point:
E8, 28, 1F, 00, 00, 8D, 64, 24, 08, 0F, 83, 13, 05, 00, 00, 60, C6, 04, 24, 30, C6, 04, 24, 14, 8D, 64, 24, 20, E9, 03, F2, FF, FF, D4, DA, 91, 0F, FB, 6C, 39, 09, 22, 39, 02, 39, 2B, 70, 8A, C4, 22, C0, 11, A5, E9, A6, A8, AA, 4F, E3, 32, EA, 1D, 0B, 2A, 6D, 2C, A2, 16, 4A, 45, 24, 7A, 33, 85, F6, 78, 5E, F8, 07, C1, 58, 5D, 4C, D0, 4D, 57, 71, DC, D4, AC, 95, A9, A4, BC, 94, 92, 65, 7B, D4, 9E, D9, F9, 64, 62, 22, 1C, C6, AB, C2, 06, FE, 3E, 3F, 47, 7F, 16, 52, E6, C3, 54, 57, E7, D6, 6A, 29, 01, FD, 59...

Code size:
433.5 KB (443,904 bytes)
