home

avupdate.exe

Avira Product Updater

Softoware LLC

The application avupdate.exe, “Updater for Avira products” by Softoware has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Avira Operations GmbH & Co. KG  (signed by Softoware LLC)

Product:
Avira Product Updater

Description:
Updater for Avira products

Version:
2.2.0.37

MD5:
423160fb6ddcab5336baeea10d8f2b28

SHA-1:
0406f71b9a896bfca987664daa8793779af4cd26

SHA-256:
f754e83bf73430b45869e5aa4d7984f39e87c4e7bc49de59c165eb74e03a4b06

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/5/2024 8:04:52 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.8.24.9

File size:
1.7 MB (1,809,688 bytes)

Product version:
2.2.0.37

Copyright:
Copyright © 2000 - 2015 Avira Operations GmbH & Co. KG and its Licensors.

Trademarks:
AVIRA ® is a registered trademark of Avira Operations GmbH & Co. KG, Germany.

Original file name:
avupdate.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\network security guard\motiflib\avupdate.exe

Digital Signature
Signed by:
Softoware LLC

Authority:
COMODO CA Limited

Valid from:
5/10/2015 5:00:00 PM

Valid to:
5/10/2016 4:59:59 PM

Subject:
CN=Softoware LLC, OU=Softoware LLC, O=Softoware LLC, STREET="1225 FRANKLIN AVENUE, SUITE 325", L=Garden City, S=New York, PostalCode=11530, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6DC73DE107D58AD4D4BA573833F01896

File PE Metadata
Compilation timestamp:
9/3/2015 7:53:05 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
12.0

CTPH (ssdeep):
49152:3f4g95t/yz3yWU/JfYRkNcXwTT4p/31jaTSNV:ginyz3+/EkNcXv1

Entry address:
0x142054

Entry point:
E8, C8, 0A, 00, 00, E9, 91, FE, FF, FF, FF, 25, 58, 33, 54, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 08, 8B, 4C, 24, 10, 0B, C8, 8B, 4C, 24, 0C, 75, 09, 8B, 44, 24, 04, F7, E1, C2, 10, 00, 53, F7, E1, 8B, D8, 8B, 44, 24, 08, F7, 64, 24, 14, 03, D8, 8B, 44, 24, 08, F7, E1, 03, D3, 5B, C2, 10, 00, FF, 25, 5C, 33, 54, 00, FF, 25, 60, 33, 54, 00, FF, 25, 64, 33, 54, 00, FF, 25, 68, 33, 54, 00, FF, 25, 6C, 33, 54, 00, FF, 25, 74, 33, 54, 00, FF, 25, 78, 33, 54, 00, FF, 25, 7C, 33, 54, 00...
 
[+]

Entropy:
6.6686

Code size:
1.3 MB (1,318,912 bytes)

Remove avupdate.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.