gpupd.exe

Closed Joint-Stock Company

The application gpupd.exe by Closed Joint-Stock Company has been detected as adware by 4 anti-malware scanners. It uses the InstallCore monetization download manager to download additional third party applications that may be unwanted by the user. It is also typically executed from the user's temporary directory.
Publisher:
Closed Joint-Stock Company   (signed and verified)

MD5:
3a4f915029a13efa1b9fe12b9b01d357

SHA-1:
2fb1dcffdb3239ccdcf89a30c4c0b9fcbdfa77dc

SHA-256:
ba333fae54de727d1d303920f6081e92973f2621b032167afc1e960d5eee9c30

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
11/15/2024 3:42:29 PM UTC

Scan engine | Detection | Engine version
AVG | Generic | 2015.0.3379
Reason Heuristics | PUP.ClosedJointStockCompany.F | 14.8.18.0
VIPRE Antivirus | Threat.4790103 | 32210

File size:
876.8 KB (897,848 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\gpupd.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
9/10/2013 8:00:00 PM

Valid to:
9/10/2016 7:59:59 PM

Subject:
CN="Closed Joint-Stock Company ""V.X. Technocom", O="Closed Joint-Stock Company ""V.X. Technocom", STREET="Staromonetnyi per. 14, bld. 2", L=Moscow, S=Moscow, PostalCode=119180, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
422C9081573539C78689D8F203970268

File PE Metadata
Compilation timestamp:
5/18/2014 10:46:17 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:FGsrXGX8YpHievFH0M6mFBpSS4Ad+Sn37:Z1ev1DSNSnL

Entry address:
0xB8C48

Entry point:
55, 8B, EC, 83, C4, F0, 53, 56, 57, B8, 38, 30, 4B, 00, E8, F5, 12, F5, FF, 33, C9, 55, 68, B5, 8C, 4B, 00, 64, FF, 31, 64, 89, 21, 68, F4, 01, 00, 00, E8, 11, F9, F5, FF, B8, 05, 00, 00, 00, BA, 37, 00, 00, 00, 8B, C8, 0F, AF, CA, 03, CA, 03, C1, 83, E8, 05, 3B, D0, 7E, 0C, B8, E0, 8C, 4B, 00, E8, A9, 9B, FF, FF, EB, 0A, 33, C0, 5A, 59, 59, 64, 89, 10, EB, 28, 33, C0, 5A, 59, 59, 64, 89, 10, EB, 1E, 33, C0, 5A, 59, 59, 64, 89, 10, E9, 5E, C9, F4, FF, 01, 00, 00, 00, B4, C7, 40, 00, C6, 8C, 4B, 00, E8, 79...
 

Entropy:
6.5339

Developed / compiled with:
Microsoft Visual C++

Code size:
734.5 KB (752,128 bytes)
