googleupdate.exe

Yupeng Zhang

The executable googleupdate.exe has been detected as malware by 2 anti-virus scanners. It runs as a separate Windows service (within the context of its own process) named “Google Protect Service(gprotect)”.
Publisher:
Yupeng Zhang  (signed and verified)

Version:
46.23.2490.86

MD5:
af04fe8e50a92f9e1ce1afaa75856dd0

SHA-1:
0a7cae3ab5b1e3762a2014b8a25f510ae6862fcf

SHA-256:
83ab6d7f003202c20290cfc98605e4cf470f6e1cd0e05d0cc2b70e034bd9d78f

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
1/13/2025 7:05:24 PM UTC

Scanner results (scan engine / detection / engine version):
Avira AntiVirus: W32/Ramnit.C (engine version 7.11.30.172)
Reason Heuristics: PUP.Zhang.YupengZh.Meta (M) (engine version 16.7.1.16)

File size:
304.7 KB (312,024 bytes)

Product version:
46.23.2490.86

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\google\update\googleupdate.exe

Digital Signature
Signed by:
Yupeng Zhang
Authority:
thawte, Inc.

Valid from:
10/23/2015 7:00:00 AM

Valid to:
10/23/2016 6:59:59 AM

Subject:
CN=Yupeng Zhang, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
182977886EA709BC13B5E49D243C3907

File PE Metadata
Compilation timestamp:
1/14/2016 9:25:14 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
3072:cOvUThqhhdb7N3oPVz5rlwMZWEplz0Hxmdk+c5Rl+K2MdPCAgoM/aTvn8RAXwhwL:c3ThqhJoNzFLCAd+7/i9FGjXJ

Entry address:
0x1E4CF

Entry point:
E8, E0, E8, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, 3C, F5, A0, 74, 44, 00, 00, 75, 13, 56, E8, 71, 00, 00, 00, 59, 85, C0, 75, 08, 6A, 11, E8, F4, 67, 00, 00, 59, FF, 34, F5, A0, 74, 44, 00, FF, 15, 0C, 92, 43, 00, 5E, 5D, C3, 56, 57, BE, A0, 74, 44, 00, 8B, FE, 53, 8B, 1F, 85, DB, 74, 17, 83, 7F, 04, 01, 74, 11, 53, FF, 15, E0, 90, 43, 00, 53, E8, B2, CA, FF, FF, 83, 27, 00, 59, 83, C7, 08, 81, FF, C0, 75, 44, 00, 7C, D8, 5B, 83, 3E, 00, 74, 0E, 83, 7E, 04, 01, 75, 08, FF, 36, FF, 15...

Entropy:
6.4923

Code size:
223.5 KB (228,864 bytes)

Service
Display name:
Google Protect Service(gprotect)

Service name:
gprotect

Description:
To ensure your Google software integrity. If this service is disabled or stopped, your Google software will not be kept integrity check, meaning security vulnerabilities that may arise cannot be fixed

Type:
Win32OwnProcess

Depends on:
RpcSs

Powered by Reason Core Security