» _eupdate_13.3.2.2700.exe
Overview
Analysis
File Details

_eupdate_13.3.2.2700.exe

Skytouch Technology Co., Limited

The application _eupdate_13.3.2.2700.exe by Skytouch Technology Co., Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.

File name:

Publisher:

Skytouch Technology Co., Limited (signed and verified)

Version:

10.2.0.2610

MD5:

51e9b4b130074758079617d58ba3e759

SHA-1:

a315f34b9802ac24608b26888716c8efde23834a

SHA-256:

555fde0c07dde3d7a31293a2e93c675398bbccec175329b01155c8cc0416325b

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

11/5/2024 1:36:36 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.ELEX (M)

16.8.3.17

File size:

692.6 KB (709,240 bytes)

Product version:

10.2.0.2610

Original file name:

eUpdate.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\ProgramData\esafe\_eupdate_13.3.2.2700.exe

Digital Signature

Signed by:

Skytouch Technology Co., Limited

Authority:

GlobalSign nv-sa

Valid from:

7/8/2013 10:29:59 AM

Valid to:

7/9/2014 10:29:59 AM

Subject:

CN="Skytouch Technology Co., Limited", O="Skytouch Technology Co., Limited", L=HongKong, S=HongKong, C=HK

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11216078022FA91C0EB61326E0E8FDBE9C30

File PE Metadata

Compilation timestamp:

8/21/2013 1:11:53 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:j3lwFi3OwrVPbMdKVwgv21UJXW6BgZCaaNt+HBVeF+g7c0JQ2BQoIgbUQ3eB3B8l:7smPbn2CptgYl+HBsF+gXJVZJbU1rG

Entry address:

0xED2A9

Entry point:

E8, DD, 06, 07, 00, 68, 7C, A3, 02, C0, 46, E8, 31, 44, FE, FF, 60, C7, 44, 24, 1C, 83, 96, 4C, F6, FF, 34, 24, 50, 8D, 64, 24, 24, E9, 2E, AD, 07, 00, 68, 19, 66, 9D, AD, C7, 44, 24, 30, DE, 35, 18, 82, FF, 74, 24, 08, 88, 3C, 24, 66, C7, 44, 24, 08, C1, 13, 8D, 64, 24, 34, E9, A2, A9, 07, 00, 66, 0F, BA, E1, 0E, 80, FC, 05, 9C, E8, B7, FE, 06, 00, 9C, 60, 89, 7C, 24, 20, E8, A4, 04, 07, 00, E8, 12, DF, 06, 00, F4, 99, F6, A5, 43, C1, 54, 56, 13, 90, 3C, DA, 89, 52, DD, 7F, 71, F5, B6, 2C, 90, 78, A3, C5... 
[+]

Code size:

129 KB (132,096 bytes)

Remove _eupdate_13.3.2.2700.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.