» lib.software-upgrade.org
Overview
IPs Addresses (1)
Downloads (4)
Network (8)
Website Detail
Related Domains (1)

lib.software-upgrade.org

DHACop Lab

Domain Information

The hosted servers are located in Dallas, Texas within the United States which resides on the SoftLayer Technologies Inc. network.

Registrant:

DHACop Lab

Registrar:

Name.com, LLC

Server location:

Texas, United States (US)

ASN:

AS36351 SOFTLAYER - SoftLayer Technologies Inc.,US

Root domain:

software-upgrade.org

Whois:

1 software-upgrade.org record

Google Safe Browsing:

unwanted

Scan engine

Details

Detections

Avira AntiVirus

TR/ATRAPS.Gen, TR/Spy.Agent.3518464.1

100.00%

McAfee

Artemis!84CE4AE4A845, Artemis!DA2F6EBE9DD7

100.00%

IKARUS anti.virus

Trojan.ATRAPS

50.00%

Qihoo 360 Security

HEUR/QVM05.1.Malware.Gen

50.00%

MicroWorld eScan

Gen:Trojan.Heur.wV0@raI3JQdi

50.00%

Arcabit

Trojan.Heur.E3C3C8

50.00%

avast!

Win32:Malware-gen

50.00%

Bitdefender

Gen:Trojan.Heur.wV0@raI3JQdi

50.00%

Lavasoft Ad-Aware

Gen:Trojan.Heur.wV0@raI3JQdi

50.00%

Emsisoft Anti-Malware

Gen:Trojan.Heur.wV0@raI3JQdi

50.00%

F-Secure

Trojan.Heur.wV0@raI3JQdi

50.00%

VIPRE Antivirus

Trojan.Win32.Generic

50.00%

Trend Micro

TROJ_GEN.R047C0OJF15

50.00%

G Data

Gen:Trojan.Heur.wV0@raI3JQdi

50.00%

AVG

Generic14_c

50.00%

The domain lib.software-upgrade.org has been seen to resolve to the following IP address.

50.22.123.186

50.22.123.186-static.reverse.softlayer.com

February 22, 2016

File downloads found at URLs served by lib.software-upgrade.org.

15 / 68 (Malware)

http://lib.software-upgrade.org/windows-patch-update.exe (newver_76_1.8.5.0.exe)

0 / 68

http://lib.software-upgrade.org/flashplayer_chrome.exe (install_flash_player_16_plugin.exe)

4 / 68 (inconclusive)

http://lib.software-upgrade.org/flashinstall.exe (flashplayerwin10_ver_337.exe)

0 / 68

http://lib.software-upgrade.org/flashplayer_chrome.exe (FlashUtil.exe)

The following 8 files have been seen to comunicate with lib.software-upgrade.org in live environments.

TCP » 50.22.123.186:80

winvxm.exe (Windows Virtual Network Server by MicroStudio)

TCP » 50.22.123.186:80

applications.exe (Windows Application Monitor by DVS Studio)

TCP » 50.22.123.186:80

3d47c94a4e2f6186895abd2607e46031.exe

TCP » 50.22.123.186:80

winnetwork.exe (Windows Network Services by @Microsoft)

TCP » 50.22.123.186:80

DonutLeadsService.exe (DonutLeadsService)

TCP » 50.22.123.186:80

applications.exe (by Microsoft)

TCP » 50.22.123.186:80

winvxm.exe (Windows Virtual Network Server by MicroStudio)

TCP » 50.22.123.186:80

wmnserv.exe (Windows Network Services by @Microsoft)

URL:

http://lib.software-upgrade.org/

Web server:

Microsoft-IIS/8.0 (ASP.NET)

Related Domains

ahdsoft.com

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.