googleupdate.exe

AutoPlay Media Studio Launcher

The executable googleupdate.exe, “AutoPlay Application” has been detected as malware by 33 anti-virus scanners. This file is typically installed with the program Cloob Messenger by cloob.com. While running, it connects to the Internet address hosted-by.hostdl.com.asiatech.ir on port 80 using the HTTP protocol.
Product:
AutoPlay Media Studio Launcher

Description:
AutoPlay Application

Version:
7.5.1004.0

MD5:
49330abe417ac1caa8b27527171a36ef

SHA-1:
72c7aeacc25acd934842b36754d192df6a04684a

SHA-256:
c8ba506b2e5c95ee588e68b9cb4655eb196b464d09fd05a0b760f1eb2da8cb2e

Scanner detections:
33 / 68

Status:
Malware

Analysis date:
12/27/2024 6:27:00 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.1792659
557

Agnitum Outpost
Trojan.Agent
7.1.1

AhnLab V3 Security
Trojan/Win32.HDC
2015.06.07

Avira AntiVirus
TR/Artemis.aprb
8.3.1.6

Arcabit
Trojan.Generic.D1B5A93
1.0.0.425

avast!
Win32:Malware-gen
2014.9-150728

Baidu Antivirus
Worm.Win32.AutoPlayStudio
4.0.3.15728

Bitdefender
Trojan.GenericKD.1792659
1.0.20.1045

Comodo Security
UnclassifiedMalware
22449

Dr.Web
Trojan.AutoPlay.1
9.0.1.0209

ESET NOD32
Win32/AutoPlayStudio
9.10092

Fortinet FortiGate
W32/AutoPlayStudio.A!worm
8/31/2015

F-Secure
Trojan.GenericKD.1792659
11.2015-28-07_3

G Data
Trojan.GenericKD.1792659
15.7.25

herdProtect (fuzzy)
2015.8.31.3

IKARUS anti.virus
Trojan.Artemis
t3scan.1.9.5.0

K7 AntiVirus
Hacktool
13.204.16176

Kaspersky
Trojan.Win32.Agent
14.0.0.1668

McAfee
Artemis!686C7DD57C03
5600.6691

MicroWorld eScan
Trojan.GenericKD.1792659
16.0.0.627

NANO AntiVirus
Trojan.Win32.Agent.drpqce
0.30.24.2086

nProtect
Trojan.GenericKD.1792659
15.06.12.01

Panda Antivirus
Trj/CI.A
15.07.28.10

Qihoo 360 Security
Win32/Trojan.fdb
1.0.0.1015

Quick Heal
Trojan.Agen.g4
7.15.14.00

Rising Antivirus
PE:Trojan.Agent!6.566
23.00.65.15829

Sophos
Mal/Generic-S
4.98

Total Defense
Heur/TrojanHorse.ZCFZ!suspicious
37.1.62.1

Trend Micro House Call
TROJ_GEN.R08OC0EDD15
7.2.209

Trend Micro
TROJ_GEN.R08OC0EDD15
10.465.28

Vba32 AntiVirus
Trojan.Agent.ahadg
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic!SB.0
41122

ViRobot
Trojan.Win32.A.Agent.1764278.B[h]
2014.3.20.0

File size:
1.7 MB (1,764,278 bytes)

Product version:
7.5.1004.0

Copyright:
Runtime Engine Copyright © 2008 Indigo Rose Corporation (www.indigorose.com)

Trademarks:
AutoPlay Media Studio is a Trademark of Indigo Rose Corporation

Original file name:
ams_launch.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\google\update\googleupdate.exe

File PE Metadata
Compilation timestamp:
10/28/2008 4:39:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:Nh+IK8vGga2oxMR9PoVz7lj4CQntq8MXmqDtfPIh96:NEIi2oxMGlE5tamIPIL6

Entry address:
0x173A6

Entry point:
55, 8B, EC, 6A, FF, 68, 90, 2C, 43, 00, 68, C4, BE, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, AC, 01, 43, 00, 33, D2, 8A, D4, 89, 15, A0, 0A, 44, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 9C, 0A, 44, 00, C1, E1, 08, 03, CA, 89, 0D, 98, 0A, 44, 00, C1, E8, 10, A3, 94, 0A, 44, 00, 6A, 01, E8, 45, 38, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C3, 00, 00, 00, 59, E8, 86, 1A, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B2, 00, 00, 00, 59, 33, F6, 89, 75...
 
[+]

Entropy:
7.8620

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
188 KB (192,512 bytes)

The file googleupdate.exe has been discovered within the following program.

Cloob Messenger  by cloob.com
Cloob Messenger bundles a branded version of the Conduit Toolbar, which delivers search based advertising and results. During installation the user is presented in some cases with the option to install the toolbar. Once accepted, the packaged executable, ConduitInstaller.
www.cloob.com/etc/messenger
About 10% of users remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to hosted-by.hostdl.com.asiatech.ir  (185.49.85.3:80)

Remove googleupdate.exe - Powered by Reason Core Security