DuuquUpdate.exe

Duuqu Update

Duuqu Group OU

The application DuuquUpdate.exe, published by Duuqu Group OU, has been flagged as adware by 1 of 68 anti-malware scanners, with strong heuristic indications that the file is a potential threat. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software. It runs as a Windows service in its own process (Win32OwnProcess) with the display name "Duuqu Update Service (dqupdate)".
Publisher:
Duuqu Group (signed by Duuqu Group OU)

Product:
Duuqu Update

Description:
Duuqu Installer

Version:
1.3.33.0

MD5:
e8426fb17c42b1ca65f6e9f1de578c94

SHA-1:
6a00ba0cd6f12988a21d353ccfc325b93096b049

SHA-256:
1e9bb7abb4c0c73027edac6cf4270e17cb28b948958d8a284a06b45e0a0abc1e

Scanner detections:
1 / 68

Status:
Adware

Note:
None of the third-party anti-malware engines in our current pool detect this file; the single detection listed below comes from our own heuristics, on the basis of which we consider the file unwanted.

Analysis date:
12/25/2024 12:23:19 AM UTC

Scan engine          Detection                      Engine version
Reason Heuristics    PUP.DuuquGro.Installer (M)     16.7.7.7

File size:
96.1 KB (98,360 bytes)

Product version:
1.3.33.0

Copyright:
Copyright 2010-2012 Duuqu Group

Original file name:
DuuquUpdate.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\duuqu\update\duuquupdate.exe

Digital Signature
Signed by:
Duuqu Group OU
Authority:
Thawte, Inc.

Valid from:
8/9/2012 2:00:00 AM

Valid to:
8/10/2014 1:59:59 AM

Subject:
CN=Duuqu Group OU, O=Duuqu Group OU, L=Tallinn, S=Harju, C=EE

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
162E253D4CB8942D57DC084A3456BA93
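The hash and signature data above are only useful if a practitioner can check a file on disk against them. The following PowerShell script is an added example, not part of the original report or of any Duuqu software: it compares the MD5, SHA-1 and SHA-256 of a file with the values listed in the hash section, and, when they match, reads the Authenticode signature so the subject, issuer, serial number and validity window can be compared with the Digital Signature section. The file path is an assumption taken from the report's "Common path"; the function names are this example's own.

```powershell
# Added example, not part of the original report: confirm that a file on disk is
# the sample described above by comparing its MD5/SHA-1/SHA-256 with the hash
# section, then inspect its Authenticode signature against the "Digital Signature"
# section. The path is an assumption taken from the report's "Common path".
$Path = 'C:\Program Files\duuqu\update\duuquupdate.exe'

# Hashes as listed in the report above.
$Expected = @{
    MD5    = 'e8426fb17c42b1ca65f6e9f1de578c94'
    SHA1   = '6a00ba0cd6f12988a21d353ccfc325b93096b049'
    SHA256 = '1e9bb7abb4c0c73027edac6cf4270e17cb28b948958d8a284a06b45e0a0abc1e'
}

function Test-SampleHashes {
    param([string]$FilePath, [hashtable]$Known)
    $allMatch = $true
    foreach ($alg in $Known.Keys) {
        $actual = (Get-FileHash -LiteralPath $FilePath -Algorithm $alg).Hash.ToLowerInvariant()
        $ok = ($actual -eq $Known[$alg].ToLowerInvariant())
        if (-not $ok) { $allMatch = $false }
        Write-Host ('{0,-7} {1}  {2}' -f $alg, $actual, $(if ($ok) { 'match' } else { 'MISMATCH' }))
    }
    return $allMatch
}

function Get-SignatureSummary {
    param([string]$FilePath)
    $sig  = Get-AuthenticodeSignature -FilePath $FilePath
    $cert = $sig.SignerCertificate
    [pscustomobject]@{
        Status      = $sig.Status          # Valid, NotSigned, HashMismatch, UnknownError, ...
        Message     = $sig.StatusMessage
        Subject     = $cert.Subject        # report: CN=Duuqu Group OU, ..., C=EE
        Issuer      = $cert.Issuer         # report: CN=Thawte Code Signing CA - G2, ...
        Serial      = $cert.SerialNumber   # report: 162E253D4CB8942D57DC084A3456BA93
        NotBefore   = $cert.NotBefore
        NotAfter    = $cert.NotAfter
        # The report's certificate expired in 2014. An expired signing certificate only
        # keeps the signature valid if it was countersigned by a timestamp authority
        # while the certificate was still valid; the report does not say whether it was.
        CertExpired = ($null -ne $cert -and $cert.NotAfter -lt (Get-Date))
        Timestamped = ($null -ne $sig.TimeStamperCertificate)
    }
}

if (-not (Test-Path -LiteralPath $Path)) {
    Write-Warning "File not found: $Path"
} elseif (Test-SampleHashes -FilePath $Path -Known $Expected) {
    Get-SignatureSummary -FilePath $Path | Format-List
} else {
    Write-Warning 'The file on disk is not the sample described in this report.'
}
```

A hash match is the only reliable way to tie a file on disk to this report; a matching publisher name or product version is not, since both are attacker-controlled. The signature check deliberately reports the expiry and timestamp state separately from the overall status, because a file signed in 2012 with a certificate valid until 2014 will show as Valid on a current system only if it carries a timestamp countersignature.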

File PE Metadata
Compilation timestamp:
9/5/2012 7:17:15 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1536:A+QVaIlvZoTd1LzpUlkBbB4sR0F/QphPd90+G3lE8jYL0:AruLzpZHR0F/QnI+G3lE8jYw

Entry address:
0x4D36

Entry point:
E8, 3B, 24, 00, 00, E9, 79, FE, FF, FF, 6A, 0C, 68, C8, 30, 41, 00, E8, 84, 00, 00, 00, 8B, 75, 08, 85, F6, 74, 75, 83, 3D, 9C, 0C, 41, 00, 03, 75, 43, 6A, 04, E8, 25, 26, 00, 00, 59, 83, 65, FC, 00, 56, E8, 4D, 26, 00, 00, 59, 89, 45, E4, 85, C0, 74, 09, 56, 50, E8, 6E, 26, 00, 00, 59, 59, C7, 45, FC, FE, FF, FF, FF, E8, 0B, 00, 00, 00, 83, 7D, E4, 00, 75, 37, FF, 75, 08, EB, 0A, 6A, 04, E8, 11, 25, 00, 00, 59, C3, 56, 6A, 00, FF, 35, 04, F7, 40, 00, FF, 15, 7C, 10, 41, 00, 85, C0, 75, 16, E8, F0, 06, 00...

Code size:
51.5 KB (52,736 bytes)
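The fields in the section above (compilation timestamp, OS version, subsystem, linker version, code size, entry address and the bytes at the entry point) are all read directly from the PE headers. The script below is an added example, not part of the original report: it parses those headers from a PE32 or PE32+ file with nothing but byte offsets from the PE/COFF format, translates the entry point RVA into a file offset through the section table, and prints the first bytes at that offset in the same hex form the report uses. The default file path is an assumption taken from the report's "Common path"; the function name is this example's own.

```powershell
# Added example, not part of the original report: derive the "File PE Metadata"
# fields from a PE file using the fixed offsets of the PE/COFF header layout.
# The path below is an assumption taken from the report's "Common path".
function Get-PeSummary {
    param(
        [Parameter(Mandatory)][string]$FilePath,
        [int]$EntryByteCount = 16
    )

    $b = [System.IO.File]::ReadAllBytes($FilePath)
    if ($b.Length -lt 0x40 -or $b[0] -ne 0x4D -or $b[1] -ne 0x5A) {
        throw "Not an MZ executable: $FilePath"
    }
    $pe = [BitConverter]::ToInt32($b, 0x3C)                       # e_lfanew
    if ([BitConverter]::ToUInt32($b, $pe) -ne 0x00004550) {       # "PE\0\0"
        throw "PE signature not found: $FilePath"
    }

    # COFF file header: 20 bytes immediately after the signature.
    $coff          = $pe + 4
    $machine       = [BitConverter]::ToUInt16($b, $coff)          # 0x014C = i386, 0x8664 = x64
    $numSections   = [BitConverter]::ToUInt16($b, $coff + 2)
    $timeDateStamp = [BitConverter]::ToUInt32($b, $coff + 4)      # seconds since 1970-01-01 UTC
    $optSize       = [BitConverter]::ToUInt16($b, $coff + 16)

    # Optional header: every field used here sits at the same offset in PE32 and PE32+.
    $opt        = $coff + 20
    $magic      = [BitConverter]::ToUInt16($b, $opt)              # 0x10B = PE32, 0x20B = PE32+
    $linkerVer  = '{0}.{1}' -f $b[$opt + 2], $b[$opt + 3]
    $sizeOfCode = [BitConverter]::ToUInt32($b, $opt + 4)
    $entryRva   = [BitConverter]::ToUInt32($b, $opt + 16)
    $osVer      = '{0}.{1}' -f [BitConverter]::ToUInt16($b, $opt + 40), [BitConverter]::ToUInt16($b, $opt + 42)
    $subsystem  = [BitConverter]::ToUInt16($b, $opt + 68)         # 2 = Windows GUI, 3 = console

    # Section table: map the entry point RVA to a raw file offset.
    $sectBase    = $opt + $optSize
    $entryOffset = $null
    for ($i = 0; $i -lt $numSections; $i++) {
        $h       = $sectBase + 40 * $i
        $va      = [BitConverter]::ToUInt32($b, $h + 12)          # VirtualAddress
        $rawSize = [BitConverter]::ToUInt32($b, $h + 16)          # SizeOfRawData
        $rawPtr  = [BitConverter]::ToUInt32($b, $h + 20)          # PointerToRawData
        if ($entryRva -ge $va -and $entryRva -lt ($va + $rawSize)) {
            $entryOffset = [int]($rawPtr + ($entryRva - $va))
            break
        }
    }
    $entryBytes = if ($null -ne $entryOffset) {
        $end = [Math]::Min($entryOffset + $EntryByteCount, $b.Length) - 1
        ($b[$entryOffset..$end] | ForEach-Object { $_.ToString('X2') }) -join ', '
    } else { '(entry point RVA is not inside any section)' }

    [pscustomobject]@{
        File                 = $FilePath
        FileSize             = $b.Length
        Bitness              = if ($magic -eq 0x20B) { 'Win64' } elseif ($magic -eq 0x10B) { 'Win32' } else { 'unknown' }
        Machine              = '0x{0:X4}' -f $machine
        CompilationTimestamp = [DateTimeOffset]::FromUnixTimeSeconds($timeDateStamp).UtcDateTime
        OSVersion            = $osVer
        Subsystem            = if ($subsystem -eq 2) { 'Windows GUI' } elseif ($subsystem -eq 3) { 'Windows CUI' } else { $subsystem }
        LinkerVersion        = $linkerVer
        CodeSize             = $sizeOfCode
        EntryAddress         = '0x{0:X}' -f $entryRva
        EntryPointBytes      = $entryBytes
    }
}

Get-PeSummary -FilePath 'C:\Program Files\duuqu\update\duuquupdate.exe' | Format-List
```

For the sample in this report the output should agree with the section above: a Win32 image, linker 9.0, OS version 5.0, a Windows GUI subsystem, entry address 0x4D36 and entry bytes starting E8, 3B, 24, 00, 00. The compilation timestamp is attacker-controlled (it is just a field in the header), so treat it as a hint rather than evidence; the certificate's validity window and the timestamp are at least consistent here, which is worth noting when they are not.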

Service
Display name:
Duuqu Update Service (dqupdate)

Service name:
dqupdate

Description:
Keeps your Duuqu software up to date. If this service is disabled or stopped, your Duuqu software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and featu

Type:
Win32OwnProcess

Depends on:
RPCSS
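The service details above are what a responder needs to find and remove the component, but the service name alone is not proof that the binary it points at is this sample. The script below is an added example, not part of the original report or of the Duuqu software: it reads the service from the Service Control Manager, resolves the executable from its image path, hashes it, and only stops and deletes the service (and the binary) when the SHA-256 matches the one listed in this report. The service name, path and hash come from the report; the function names and the require-a-hash-match rule are this example's own choices. It must run from an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example, not part of the original report: inspect the "dqupdate" service
# described above, verify its binary against the report's SHA-256, and remove it.
function Get-SuspectService {
    param([string]$Name = 'dqupdate')
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
    if (-not $svc) { return $null }

    # PathName may be quoted and may carry arguments; reduce it to the executable.
    $exe = if ($svc.PathName -match '^"([^"]+)"') { $Matches[1] }
           elseif ($svc.PathName -match '^(.+?\.exe)') { $Matches[1] }
           else { $svc.PathName }
    $sha256 = if (Test-Path -LiteralPath $exe) {
        (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash.ToLowerInvariant()
    } else { $null }

    [pscustomobject]@{
        Name        = $svc.Name
        DisplayName = $svc.DisplayName
        State       = $svc.State
        StartMode   = $svc.StartMode
        ServiceType = $svc.ServiceType   # "Own Process" corresponds to Win32OwnProcess above
        Account     = $svc.StartName     # an updater running as LocalSystem is worth noting
        PathName    = $svc.PathName
        Executable  = $exe
        SHA256      = $sha256
        DependsOn   = (Get-Service -Name $Name).ServicesDependedOn.Name -join ', '   # report: RPCSS
        ProcessId   = $svc.ProcessId
    }
}

function Remove-SuspectService {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$Name = 'dqupdate',
        # SHA-256 as listed in the hash section of the report.
        [string]$ExpectedSha256 = '1e9bb7abb4c0c73027edac6cf4270e17cb28b948958d8a284a06b45e0a0abc1e'
    )
    $info = Get-SuspectService -Name $Name
    if (-not $info) { Write-Host "Service '$Name' is not installed."; return }
    $info | Format-List | Out-String | Write-Host

    # Refuse to act on a service whose binary is missing or is a different file:
    # another program may be reusing the service name, or the file may be a newer build.
    if ($info.SHA256 -ne $ExpectedSha256) {
        Write-Warning "Binary does not match the sample in this report; not removing. Examine $($info.Executable) first."
        return
    }
    if ($PSCmdlet.ShouldProcess($Name, 'Stop and delete service')) {
        if ($info.State -ne 'Stopped') { Stop-Service -Name $Name -Force -ErrorAction Stop }
        # Remove-Service only exists on PowerShell 6+, so use the classic SCM tool.
        & sc.exe delete $Name
        Remove-Item -LiteralPath $info.Executable -Force
    }
}

Remove-SuspectService -WhatIf   # dry run: shows what would be done; drop -WhatIf to act
```

Because the function supports -WhatIf, the first run prints the service record and the action it would take without changing anything. Stopping the service before deletion matters: `sc.exe delete` on a running service only marks it for deletion, and the process keeps running until the next reboot.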

Analysis powered by Reason Core Security.