globalupdate.exe

globalUpdate Update

globalUpdate

The application globalupdate.exe has been detected as a potentially unwanted program by 28 anti-malware scanners. While running, it connects to the Internet address tlb.hwcdn.net on port 80 using the HTTP protocol.
Publisher:
globalUpdate

Product:
globalUpdate Update

Version:
1.3.25.0

MD5:
3c14aae26ea06badac98520773772ceb

SHA-1:
dd4605e26b48b7c231dbeba5e8faa91f33d21b2b

SHA-256:
79bf363c33c3d5ff49575baa830026d7e2721a4c49ac69f488487d655b6448bb

Scanner detections:
28 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 11:33:04 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Agent.POG
620

Agnitum Outpost
PUA.Boxore
7.1.1

AhnLab V3 Security
Adware/Win32.Boxore
2015.05.26

Avira AntiVirus
ADWARE/Agent.68608.1
8.3.1.6

Bitdefender
Adware.Agent.POG
1.0.20.725

Dr.Web
Adware.Boxore.5
9.0.1.0124

Emsisoft Anti-Malware
Adware.Agent.POG
8.15.05.25.09

ESET NOD32
Win32/AlteredSoftware.F potentially unwanted application
9.7.0.302.0

Fortinet FortiGate
Riskware/GlobalUpdate
5/25/2015

F-Secure
Adware.Agent.POG
11.2015-25-05_2

G Data
Adware.Agent.POG
15.5.25

herdProtect (fuzzy)
2015.8.2.5

K7 AntiVirus
Riskware
13.204.16014

Kaspersky
not-a-virus:RiskTool.Win32.GlobalUpdate
14.0.0.1986

Malwarebytes
PUP.Optional.ModGoog
v2015.05.25.09

McAfee
Artemis!3C14AAE26EA0
5600.6754

MicroWorld eScan
Adware.Agent.POG
16.0.0.435

NANO AntiVirus
Riskware.Win32.GlobalUpdate.dqjgkp
0.30.24.1357

Norman
Adware.Agent.POG
11.20150525

nProtect
Adware.Agent.POG
15.06.26.01

Panda Antivirus
PUP/CrossRider
15.05.25.09

Quick Heal
RiskTool.GlobalUpdate.r5 (Not a Virus)
5.15.14.00

Sophos
Generic PUA NN
4.98

Trend Micro House Call
ADW_FakeGoog
7.2.145

Trend Micro
ADW_FakeGoog
10.465.25

VIPRE Antivirus
Threat.4150696
40830

ViRobot
Adware.Agent.68608.E[h]
2014.3.20.0

Zillya! Antivirus
Trojan.CPEX.Win32.16017
2.0.0.2189

File size:
67 KB (68,608 bytes)

Product version:
1.3.25.0

Copyright:
Copyright 2007-2010 globalupdate

Original file name:
globalupdate.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\globalupdate.exe

File PE Metadata
Compilation timestamp:
4/30/2015 7:40:43 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
768:SOoKeZJ81NzLJ1mxUimx2Pz12wbUOYhETuk7gY3EDfYnA8MvCvL90PGiD23:xob8NzL6Xe2LZoHGukUwA8ZvL90+i63

Entry address:
0x47BD

Entry point:
E8, 6D, 1E, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, 1C, A7, 40, 00, FF, 15, 74, B0, 40, 00, 85, C0, 75, 18, 56, E8, 90, 01, 00, 00, 8B, F0, FF, 15, 3C, B0, 40, 00, 50, E8, 40, 01, 00, 00, 59, 89, 06, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, 35, 94, B0, 40, 00, 57, FF, 35, 68, AD, 40, 00, FF, D6, FF, 35, 64, AD, 40, 00, 8B, D8, 89, 5D, FC, FF, D6, 8B, F0, 3B, F3, 0F, 82, 81, 00, 00, 00, 8B, FE, 2B, FB, 8D, 47, 04, 83, F8, 04, 72, 75, 53, E8...
 
[+]

Entropy:
6.0429

Code size:
32 KB (32,768 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.10:80)

TCP (HTTP):
Connects to lb-212-222.above.com  (103.224.212.222:80)

TCP (HTTP):
Connects to sage.parklogic.com  (69.39.236.56:80)

TCP (HTTP):
Connects to 125.235.4.59.adsl.viettel.vn  (125.235.4.59:80)

Remove globalupdate.exe - Powered by Reason Core Security