dcsupdate.exe

The executable dcsupdate.exe has been detected as malware by 28 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Service Updater’.

Version:
0.0.0.0

MD5:
692c43983f9c3478368a44a03b935ebb

SHA-1:
26a7b64f39c130ec2edf1d49b4b8a1f516c29736

SHA-256:
7d9dd4cbc61f5ac474011e47f4b94ece6c9737601128985da2e4a7f780c08a54

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
11/29/2024 4:32:13 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Strictor.36455 | -40 |
| AegisLab AV Signature | Troj.W32.Generic!c | 2.1.4+ |
| AhnLab V3 Security | Trojan/Win32.Jorik.N870071406 | 3.7.5.15 |
| Avira AntiVirus | TR/Injector.L.10 | 8.3.3.4 |
| Arcabit | Trojan.Strictor.D8E67 | 1.0.0.774 |
| avast! | MSIL:GenMalicious-E [Trj] | 2014.9-170316 |
| AVG | Generic29 | 2018.0.2438 |
| Baidu Antivirus | Win32.Trojan.WisdomEyes.151026.9950 | 4.0.3.17316 |
| Bitdefender | Gen:Variant.Strictor.36455 | 1.0.20.375 |
| Comodo Security | UnclassifiedMalware | 25773 |
| Dr.Web | Trojan.Packed.23200 | 9.0.1.075 |
| Emsisoft Anti-Malware | Gen:Variant.Strictor.36455 | 8.17.03.16.07 |
| ESET NOD32 | MSIL/Injector.AOS (variant) | 11.14138 |
| Fortinet FortiGate | MSIL/Injector.PED!tr | 3/16/2017 |
| F-Secure | Gen:Variant.Strictor.36455 | 11.2017-16-03_5 |
| G Data | Gen:Variant.Strictor.36455 | 17.3.25 |
| IKARUS anti.virus | Trojan-Dropper.MSIL | t3scan.2.1.6.0 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.-1317 |
| McAfee | Artemis!692C43983F9C | 5600.6094 |
| Microsoft Security Essentials | Trojan:MSIL/Injector.L | 1.1.13000.0 |
| MicroWorld eScan | Gen:Variant.Strictor.36455 | 18.0.0.225 |
| NANO AntiVirus | Trojan.Win32.Injector.dckjrm | 1.0.38.8984 |
| Panda Antivirus | Generic Malware | 17.03.16.07 |
| Qihoo 360 Security | Win32/Trojan.f03 | 1.0.0.1120 |
| Quick Heal | Trojan.Generic.g3 | 3.17.14.00 |
| Rising Antivirus | Trojan.Generic-mZGswzFMTxQ (cloud) | 23.00.65.17314 |
| Sophos | Mal/Generic-S | 4.98 |
| VIPRE Antivirus | Trojan.Win32.Generic | 52386 |

File size:
17.4 MB (18,232,832 bytes)

Product version:
0.0.0.0

Original file name:
NnE.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\sysmon\dcsupdate.exe

File PE Metadata
Compilation timestamp:
9/9/2012 8:11:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

Entry address:
0x1150772

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.9992

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
17.3 MB (18,147,328 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Service Updater

Command:
"C:\users\{user}\appdata\roaming\sysmon\dcsupdate.exe"

