googleupd.exe

The executable googleupd.exe has been detected as malware by 24 anti-virus scanners. It is registered as a Windows Task Scheduler task named GoogleUpdateTaskUser, triggered to run each time a user logs on. While running, it connects to the Internet address lb-182-207.above.com on port 80 using the HTTP protocol.
Publisher:
Google

Product:
Google Update

Version:
1.0.0.0

MD5:
47eb26565f587912e7a2336dc7d0b8a4

SHA-1:
12f7078c92581af141ad85f19a09e1d00981329f

SHA-256:
4ffdc458321d9374bd46b659ba0fb3de6e2f1eafb00a4a5a728996aa4e37ffe7

Scanner detections:
24 / 68

Status:
Malware

Analysis date:
12/23/2024 11:32:08 AM UTC

Scan engine               Detection                       Engine version
Lavasoft Ad-Aware         Trojan.GenericKD.1524044        1075
Agnitum Outpost           Trojan.CoinMiner                7.1.1
Avira AntiVirus           TR/Agent.24576.1128             7.11.133.122
avast!                    Win32:Malware-gen               2014.9-140225
AVG                       CoinMiner                       2015.0.3553
Baidu Antivirus           Trojan.MSIL.CoinMiner           4.0.3.14225
Bitdefender               Trojan.GenericKD.1524044        1.0.20.280
Comodo Security           UnclassifiedMalware             17841
Dr.Web                    Trojan.BtcMine.298              9.0.1.056
Emsisoft Anti-Malware     Trojan.GenericKD.1524044        8.14.02.25.06
ESET NOD32                MSIL/CoinMiner.HE               8.9464
Fortinet FortiGate        MSIL/CoinMiner.HE!tr            2/25/2014
F-Secure                  Trojan.GenericKD.1524044        11.2014-25-02_3
G Data                    Trojan.GenericKD.1524044        14.2.24
IKARUS anti.virus         Trojan.CoinMiner                t3scan.2.2.29
Kaspersky                 Trojan.MSIL.BitMiner            14.0.0.4259
McAfee                    Artemis!47EB26565F58            5600.7209
MicroWorld eScan          Trojan.GenericKD.1524044        15.0.0.168
NANO AntiVirus            Trojan.Win32.BtcMine.cszzeg     0.28.0.57630
Norman                    Troj_Generic.SNPIY              11.20140225
nProtect                  Trojan.GenericKD.1524044        14.02.24.02
Sophos                    Mal/Generic-S                   4.97
Trend Micro House Call    TROJ_GEN.R0CBB01BI14            7.2.56
VIPRE Antivirus           Trojan.Win32.Generic            26806

File size:
24 KB (24,576 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2013

Original file name:
GoogleChrome.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\media center programs\googleupd.exe

File PE Metadata
Compilation timestamp:
1/6/2014 10:17:44 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:BpiVe7fAWUbth+SJxEQQ09/KN6c1+HCk8nIwVUdz+EfAKS:nic7BYEQQoa6Ink8IwVUdBov

Entry address:
0x3AC6

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
7 KB (7,168 bytes)

Scheduled Task
Task name:
GoogleUpdateTaskUser

Trigger:
Logon (Runs on logon)
The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to lb-182-207.above.com  (103.224.182.207:80)

Powered by Reason Core Security