AutoUpdate.exe

MSGOnline AutoUpdate Application

Công ty TNHH Giải trí Long Đỉnh

The executable AutoUpdate.exe, “MSGOnline AutoUpdate”, has been detected as malware by 3 anti-virus scanners.
Publisher:
VNG Corporation (signed by Công ty TNHH Giải trí Long Đỉnh)

Product:
MSGOnline AutoUpdate Application

Description:
MSGOnline AutoUpdate

Version:
1, 0, 1, 9

MD5:
fbef7b325ef8e04bcfb7e9b863f50ade

SHA-1:
923d237bb2050cdd9f536d0d6ac2a0ef27821c63

SHA-256:
89701f099c779f023f39a9742a3fcd7579a43eeec10ad9a7da8a8241cb3971f4

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
11/25/2024 1:45:57 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:Malware-gen | 160215-2
Dr.Web | Trojan.StartPage.57020 | 9.0.1.05190
ESET NOD32 | Win32/RiskWare.StartPage.A application | 8.0.319.0

File size:
2.3 MB (2,408,152 bytes)

Product version:
1, 0, 1, 9

Copyright:
Copyright © 2006 - 2013 by VNG Corporation

Original file name:
AutoUpdate.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\autoupdate.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
11/29/2012 7:00:00 AM

Valid to:
2/5/2014 7:00:00 PM

Subject:
CN=Công ty TNHH Giải trí Long Đỉnh, O=Công ty TNHH Giải trí Long Đỉnh, L=Ha Noi, S=NA, C=VN

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
06A7A1F4C3ABA4F7DF995E11DFFCDEA0

File PE Metadata
Compilation timestamp:
11/7/2013 4:53:10 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:UdS4dPsaSA5pIP2ZWLJag0UWysVXkdA2K2nvd3SL9:QPsUIP2EH0Zw6KvdA9

Entry address:
0x36E08

Entry point:
E8, DB, 86, 00, 00, E9, 79, FE, FF, FF, 3B, 0D, D8, 15, 49, 00, 75, 02, F3, C3, E9, 5D, 87, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 57, 33, FF, 3B, F7, 75, 04, 33, C0, EB, 65, 39, 7D, 08, 75, 1B, E8, FA, 55, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 63, 3C, 00, 00, 83, C4, 14, 8B, C6, EB, 45, 39, 7D, 10, 74, 16, 39, 75, 0C, 72, 11, 56, FF, 75, 10, FF, 75, 08, E8, 15, 19, 00, 00, 83, C4, 0C, EB, C1, FF, 75, 0C, 57, FF, 75, 08, E8, 64, 16, 00, 00, 83, C4, 0C, 39, 7D, 10, 74, B6, 39, 75, 0C, 73...
 

Entropy:
7.2735

Code size:
446.5 KB (457,216 bytes)
