gpupd.exe

Closed Joint-Stock Company

The application gpupd.exe, published by Closed Joint-Stock Company, has been flagged as adware by 4 of the 68 anti-malware scanners run against it. It is also typically executed from the user's temporary directory.
Publisher:
Closed Joint-Stock Company   (signed and verified)

MD5:
69cc1ec10844b044353ed083a9162546

SHA-1:
4f95a834cd06dd26c5e8ed67f518987898801c09

SHA-256:
0a27aedcc51fedc5044a13ee8272443b6370bcd9dfa8fa9c62022e2ebde085c3

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
11/15/2024 3:18:27 PM UTC

Scan engine          Detection                                 Engine version
Baidu Antivirus      Adware.Win32.PUA                          4.0.3.1465
Kaspersky            HEUR:Trojan-Downloader.Win32.Generic      14.0.0.3756
Reason Heuristics    PUP.ClosedJointStockCompany.F             14.6.5.17
VIPRE Antivirus      Threat.4790103                            29800

File size:
830 KB (849,944 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\gpupd.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
9/10/2013 8:00:00 PM

Valid to:
9/10/2016 7:59:59 PM

Subject:
CN="Closed Joint-Stock Company ""V.X. Technocom", O="Closed Joint-Stock Company ""V.X. Technocom", STREET="Staromonetnyi per. 14, bld. 2", L=Moscow, S=Moscow, PostalCode=119180, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
422C9081573539C78689D8F203970268

File PE Metadata
Compilation timestamp:
6/3/2014 10:58:18 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:y8Ev5JbkF1FjuQFEYp89JZiDB7JC/EyRDQLBTOy5rBH888888888888W88888881:FoJoF1FjuQF2JZ85Y/tEB/5V

Entry address:
0xACE7C

Entry point:
55, 8B, EC, 83, C4, F0, 53, 56, 57, B8, C0, 7D, 4A, 00, E8, 69, D0, F5, FF, 33, C0, 55, 68, B1, CE, 4A, 00, 64, FF, 30, 64, 89, 20, B8, C4, D1, 4A, 00, E8, 51, AA, FF, FF, 33, C0, 5A, 59, 59, 64, 89, 10, EB, 0A, E9, B2, 85, F5, FF, E8, 05, 8A, F5, FF, 33, C0, 55, 68, ED, CE, 4A, 00, 64, FF, 30, 64, 89, 20, 6A, 00, 6A, 00, 68, E0, D1, 4A, 00, 68, 04, D2, 4A, 00, 68, 14, D2, 4A, 00, 6A, 00, E8, B1, C1, F6, FF, 33, C0, 5A, 59, 59, 64, 89, 10, EB, 0A, E9, 76, 85, F5, FF, E8, C9, 89, F5, FF, 33, C0, 55, 68, 19...
 

Entropy:
6.3628

Developed / compiled with:
Microsoft Visual C++

Code size:
690 KB (706,560 bytes)

Analysis powered by Reason Core Security.