app_update.exe

ggjhtyghhg

The executable app_update.exe has been detected as malware by 30 anti-virus scanners. This is a setup program which is used to install the application. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from flashplayer1.websiteseguro.com and multiple other hosts.
Product:
ggjhtyghhg

Description:
ooikjuhj

Version:
1.0.0.0

MD5:
01dbaa9e51fd5dd6b23cf6a7ec8d8623

SHA-1:
95f1fc9f636fa1ff43355f763ceb6f9ab2011fe9

SHA-256:
e5faee5cab555b754ec123149faaef1585d129b5f5f9e1eb6ef70b50fbe52061

Scanner detections:
30 / 68

Status:
Malware

Analysis date:
11/15/2024 11:22:52 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.2144670 | 332 |
| Agnitum Outpost | Trojan.Badur | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Gen | 2015.10.17 |
| Avira AntiVirus | TR/Agent.41984.245 | 8.3.2.2 |
| Arcabit | Trojan.Generic.D20B99E | 1.0.0.582 |
| avast! | Win32:Malware-gen | 2014.9-160309 |
| AVG | Downloader.MSIL | 2017.0.2810 |
| Baidu Antivirus | Trojan.MSIL.Banload | 4.0.3.1639 |
| Bitdefender | Trojan.GenericKD.2144670 | 1.0.20.345 |
| Comodo Security | UnclassifiedMalware | 23429 |
| Emsisoft Anti-Malware | Trojan.GenericKD.2144670 | 8.16.03.09.11 |
| ESET NOD32 | MSIL/TrojanDownloader.Banload.BQ | 10.12421 |
| Fortinet FortiGate | W32/Badur.SWZL!tr | 3/9/2016 |
| F-Secure | Trojan.GenericKD.2144670 | 11.2016-09-03_4 |
| G Data | Trojan.GenericKD.2144670 | 16.3.25 |
| IKARUS anti.virus | Trojan-Downloader.MSIL.Banload | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan-Downloader | 13.211.17567 |
| McAfee | RDN/Generic Downloader.x | 5600.6466 |
| Microsoft Security Essentials | TrojanDownloader:MSIL/Banload | 1.1.12101.0 |
| MicroWorld eScan | Trojan.GenericKD.2144670 | 17.0.0.207 |
| NANO AntiVirus | Trojan.Win32.Badur.dupjvs | 0.30.26.3947 |
| nProtect | Trojan/W32.Badur.41984.C | 15.10.16.01 |
| Panda Antivirus | Trj/Chgt.O | 16.03.09.11 |
| Qihoo 360 Security | Win32/Trojan.6d8 | 1.0.0.1015 |
| Quick Heal | Trojan.Badur.r3 | 3.16.14.00 |
| Sophos | Mal/Generic-L | 4.98 |
| Trend Micro | TROJ_GEN.R0EAC0EBG15 | 10.465.09 |
| VIPRE Antivirus | Trojan.Win32.Generic | 44602 |
| ViRobot | Trojan.Win32.A.Badur.41984.A[h] | 2014.3.20.0 |
| Zillya! Antivirus | Trojan.Badur.Win32.9850 | 2.0.0.2452 |

File size:
41 KB (41,984 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2015

Original file name:
S282716oa937.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\app_update.exe

File PE Metadata
Compilation timestamp:
2/4/2015 11:15:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:YsD7IEhBMVg9StqWOnRdLLj6GoOLoaAUhdYryfg:x8EhBZyqhRVLj6GzpAUsryY

Entry address:
0xB8DE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
38.5 KB (39,424 bytes)

The file app_update.exe has been seen being distributed by the following 2 URLs.
