googleupdate.exe

上海云瞳科技有限公司

The application googleupdate.exe by 上海云瞳科技有限公司 has been detected as a potentially unwanted program by 4 anti-malware scanners. It runs as a Windows service in its own process, named “Google Protect Service(gprotect)”.
Publisher:
上海云瞳科技有限公司  (signed and verified)

Version:
48.2.2564.88

MD5:
0aa0957c86f47498330370635a892d57

SHA-1:
908806ba2b0bd90879f3028a1a47b52b70c0dcf2

SHA-256:
3d21bec7e32a05c45bd32a8092e890cfb00345f85b4ab806ef2345dd4bfe9715

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 6:46:33 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| ESET NOD32 | Win32/ELEX.HJ potentially unwanted application | 6.3.12010.0 |
| F-Secure | Variant.Adware.Ghoskwa | 5.15.154 |
| Kaspersky | not-a-virus:AdWare.Win32.ELEX | 15.0.2.529 |
| Microsoft Security Essentials | Trojan:Win32/Ghokswa | 1.233.3818.0 |

File size:
307.6 KB (315,008 bytes)

Product version:
48.2.2564.88

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\google\update\googleupdate.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
11/23/2015 1:58:59 PM

Valid to:
11/23/2016 1:58:59 PM

Subject:
CN=上海云瞳科技有限公司, O=上海云瞳科技有限公司, STREET=自由贸易试验区奥纳路188号2幢楼5层529室, L=上海, S=上海, C=CN, OID.1.3.6.1.4.1.311.60.2.1.2=Shanghai, OID.1.3.6.1.4.1.311.60.2.1.3=CN, SERIALNUMBER=310141000153861, OID.2.5.4.15=Private Organization

Issuer:
CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112111890B77B0FDF98EB0B3CFDEA89B989C

File PE Metadata
Compilation timestamp:
1/25/2016 7:53:46 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x1EBFC

Entry point:
E8, D3, E8, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, 3C, F5, A0, 84, 44, 00, 00, 75, 13, 56, E8, 71, 00, 00, 00, 59, 85, C0, 75, 08, 6A, 11, E8, F7, 67, 00, 00, 59, FF, 34, F5, A0, 84, 44, 00, FF, 15, 0C, A2, 43, 00, 5E, 5D, C3, 56, 57, BE, A0, 84, 44, 00, 8B, FE, 53, 8B, 1F, 85, DB, 74, 17, 83, 7F, 04, 01, 74, 11, 53, FF, 15, E0, A0, 43, 00, 53, E8, 48, CD, FF, FF, 83, 27, 00, 59, 83, C7, 08, 81, FF, C0, 85, 44, 00, 7C, D8, 5B, 83, 3E, 00, 74, 0E, 83, 7E, 04, 01, 75, 08, FF, 36, FF, 15...
 

Entropy:
6.4857

Code size:
225.5 KB (230,912 bytes)

Service
Display name:
Google Protect Service(gprotect)

Service name:
gprotect

Description:
To ensure your Google software integrity. If this service is disabled or stopped, your Google software will not be kept integrity check, meaning security vulnerabilities that may arise cannot be fixed

Type:
Win32OwnProcess

Depends on:
RpcSs

