GoogleUpdate.exe

Google Update Services

Google lnc

The executable GoogleUpdate.exe has been detected as malware by 27 anti-virus scanners. It is configured to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘Google Services’. While running, it connects to the Internet address 125.235.17.123.adsl.viettel.vn on port 443.
Publisher:
Google lnc

Product:
Google Update Services

Version:
1.05.0510

MD5:
6f9f24e3aa390b694d545a47026c9df7

SHA-1:
012561b3d061ec90a085d61915d7bae20e15ca82

SHA-256:
b8e2a454d5704da83675ff5c1faf5f87e86e13ba9fdbb389563a1c6a18396a3b

Scanner detections:
27 / 68

Status:
Malware

Analysis date:
11/22/2024 2:33:24 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Trojan.Heur.pu0bfD4RMRdi | 566
Agnitum Outpost | Trojan.VB | 7.1.1
Avira AntiVirus | TR/Spy.259072.27 | 8.3.1.6
Arcabit | Trojan.Heur.pu0bfD4RMRdi | 1.0.0.425
avast! | Win32:Malware-gen | 2014.9-150719
AVG | Generic10_c | 2016.0.3044
Baidu Antivirus | Trojan.Win32.VB | 4.0.3.15719
Bitdefender | Gen:Trojan.Heur.pu0bfD4RMRdi | 1.0.20.1000
Bkav FE | W32.RatCodeATTc | 1.3.0.6979
Comodo Security | UnclassifiedMalware | 22685
ESET NOD32 | Win32/VB.RIU | 9.11896
Fortinet FortiGate | W32/VB.F | 7/19/2015
F-Prot | W32/VBTrojan.17E | v6.4.7.1.166
F-Secure | Gen:Trojan.Heur.pu0bfD4RMRdi | 11.2015-19-07_1
G Data | Gen:Trojan.Heur.pu0bfD4RMRdi | 15.7.25
IKARUS anti.virus | Trojan.Win32.Spy | t3scan.1.9.5.0
K7 AntiVirus | Riskware | 13.205.16469
Kaspersky | Worm.Win32.WBNA | 14.0.0.1713
McAfee | Artemis!6F9F24E3AA39 | 5600.6700
MicroWorld eScan | Gen:Trojan.Heur.pu0bfD4RMRdi | 16.0.0.600
NANO AntiVirus | Trojan.Win32.VBTrojan.cymwqz | 0.30.24.2320
Qihoo 360 Security | HEUR/Malware.QVM13.Gen | 1.0.0.1015
Rising Antivirus | PE:Trojan.Win32.Generic.15C34B27!365120295 | 23.00.65.15717
Sophos | Mal/VB-F | 4.98
Trend Micro | TROJ_GEN.R0C1C0EF115 | 10.465.19
VIPRE Antivirus | Trojan.Win32.Generic | 41766
Zillya! Antivirus | Worm.WBNA.Win32.356192 | 2.0.0.2271

File size:
253 KB (259,072 bytes)

Product version:
1.05.0510

Copyright:
Google lnc

Trademarks:
Google lnc

Original file name:
GoogleUpdate.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\google\googleupdate.exe

File PE Metadata
Compilation timestamp:
4/11/2013 8:00:54 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:X3IZGKHxcGMeU5cbIpYOpG9Vqag9dIS1hnX1:90xHMe4cUpHpG76IS/X

Entry address:
0x5E001


Entropy:
7.9006

Packer / compiler:
ASPack v2.12

Code size:
336 KB (344,064 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Google Services

Command:
C:\Program Files\google\googleupdate.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP): Connects to ec2-54-210-47-225.compute-1.amazonaws.com (54.210.47.225:80)
TCP (HTTP SSL): Connects to cache.google.com (118.69.249.172:443)
TCP (HTTP): Connects to a23-15-149-163.deploy.static.akamaitechnologies.com (23.15.149.163:80)
TCP (HTTP SSL): Connects to 125.235.17.123.adsl.viettel.vn (125.235.17.123:443)
TCP (HTTP SSL): Connects to www.bvonline.com.vn (203.113.130.58:443)
TCP (HTTP): Connects to sin01s18-in-f3.1e100.net (216.58.196.131:80)
TCP (HTTP): Connects to sb-in-f155.1e100.net (74.125.130.155:80)
TCP (HTTP): Connects to hkg07s01-in-f4.1e100.net (216.58.221.100:80)
TCP (HTTP SSL): Connects to 125.235.36.55.adsl.viettel.vn (125.235.36.55:443)
TCP (HTTP SSL): Connects to 125.235.36.24.adsl.viettel.vn (125.235.36.24:443)
TCP (HTTP SSL): Connects to 125.235.36.104.adsl.viettel.vn (125.235.36.104:443)
TCP (HTTP SSL): Connects to 125.235.30.40.adsl.viettel.vn (125.235.30.40:443)
TCP (HTTP SSL): Connects to 125.235.17.178.adsl.viettel.vn (125.235.17.178:443)
TCP (HTTP SSL): Connects to 125.235.17.168.adsl.viettel.vn (125.235.17.168:443)
TCP (HTTP SSL): Connects to 125.235.17.163.adsl.viettel.vn (125.235.17.163:443)
TCP (HTTP SSL): Connects to 125.235.17.153.adsl.viettel.vn (125.235.17.153:443)
TCP (HTTP SSL): Connects to 125.235.17.118.adsl.viettel.vn (125.235.17.118:443)

Remove GoogleUpdate.exe - Powered by Reason Core Security