LiveUpdate.exe

LiveUpdate

Wuhan Jiduo Information Technology Co.,Ltd.

The application LiveUpdate.exe by Wuhan Jiduo Information Technology Co.,Ltd. has been flagged as a potentially unwanted program by 5 of 68 anti-malware scanners. The file is typically installed with Driver Genius Professional Edition by Driver-Soft Inc., which is itself classed as potentially unwanted software. While running, it connects to f8.a9.e443.ip4.static.sl-reverse.com (67.228.169.248) on port 80 over HTTP. Two points for anyone weighing the verdicts below: the file is packed with ASProtect and has an entropy of 7.91, a profile that by itself tends to attract generic and heuristic detections such as the Trojan.Win32.Generic and Hupigon names listed; and the Authenticode certificate (subject Driver-Soft.com, issued by WoSign) expired on 5/22/2010, so whether the signature still validates today depends on a trusted timestamp countersignature, which this page does not record.
Publisher:
Driver-Soft Inc. (signed by Wuhan Jiduo Information Technology Co.,Ltd.)

Product:
LiveUpdate

Version:
9.00.0186

MD5:
8d9a124b78b504df0c66ce9650705472

SHA-1:
5413ef2a97d9cdea0bcd03385f588bd45f2698db

SHA-256:
180a11fd8c44e84b18bf2108029f95510d083921a4d23cb9354cd817c6117536

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
11/30/2024 10:13:32 AM UTC

Scan engine          Detection                                             Engine version
Boost by Reason      Optional.WuhanJiduoInformationTechnologyCoLtd.K       188838
Comodo Security      Heur.Suspicious                                       16550
Reason Heuristics    PUP.Optional.WuhanJiduoInformationTechnologyCoLtd.K   14.8.1.0
Rising Antivirus     Trojan.Win32.Generic.12CBB584                         23.00.65.14212
Vba32 AntiVirus      Backdoor.Win32.Hupigon.jnxe                           3.12.12.1

File size:
541.1 KB (554,064 bytes)

Product version:
9.00.0186

Copyright:
Copyright (C) 2002-2009 Driver-Soft Inc.

Original file name:
LiveUpdate.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\liveupdate.exe

Digital Signature
Authority:
WoSign, Inc.

Valid from:
5/21/2008 8:00:00 PM

Valid to:
5/22/2010 7:59:59 PM

Subject:
CN=Driver-Soft.com, OU=Class 3 - for Microsoft Authenticode Signing, O="Wuhan Jiduo Information Technology Co.,Ltd.", L=Wuhan, S=Hubei, C=CN

Issuer:
CN=WoSign Code Signing Authority, O="WoSign, Inc.", C=US

Serial number:
79E59F0AC0FF47090A57C16B38B1BD

File PE Metadata
Compilation timestamp:
12/7/2009 9:02:22 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:aoKws7qe+Dsrehw0jTC85F0N4ruMgkgUpcc:+DOHISfjTC8826IXpH

Entry address:
0x1000

Entry point:
68, 01, 80, 45, 00, E8, 01, 00, 00, 00, C3, C3, B2, 0F, F3, 60, F7, 04, AD, 10, 46, 0A, 28, 3A, 0B, C5, C8, EC, B3, F3, 3C, 4E, F1, 5A, 81, 8C, A5, 6D, 15, 44, 33, D7, 90, 7E, CF, 70, EE, 09, 15, B6, 34, 6D, D0, B0, 23, 8F, 36, F3, 69, 7E, 33, 2A, D7, EE, AD, F3, EE, AF, BA, 59, 88, 80, 5D, 11, A0, C2, 6D, DC, 51, F7, 6D, BF, DF, 08, 8C, 24, E8, E3, 19, 5E, AB, C2, F9, 7E, 70, FE, D4, 01, AF, 0E, A0, 9A, 8C, C0, A0, 73, A2, 66, 1E, 18, 7E, 1D, B9, 1C, 56, 61, C1, 28, 47, 1C, F3, A7, 2F, 79, 8F, 2B, 0B, E5...

Entropy:
7.9109

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
312 KB (319,488 bytes)
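The metadata above (hashes, compile timestamp, linker version, entry address, code size, entropy, certificate validity window) can be re-derived from a copy of the file rather than taken on trust. The following is an added example, not code from Driver-Soft or from the scanning vendors: it hashes the file, computes byte entropy, pulls the COFF and optional-header fields this page reports, and checks the compile timestamp against the signing certificate's validity window. It assumes the page's compile timestamp and certificate dates are UTC, parses PE32 headers only, and uses a constructed minimal PE header as stand-in input because the real sample is not embedded here.

```python
"""Offline triage of a LiveUpdate.exe candidate against the indicators on this page.

Added example, not code from Driver-Soft or the scanning vendors. Assumes the
page's compile timestamp and certificate dates are UTC; parses only the DOS,
COFF and PE32 optional-header fields it needs.
"""
import hashlib
import math
import struct
from datetime import datetime, timezone

# Hashes copied from the page.
PAGE_HASHES = {
    "md5": "8d9a124b78b504df0c66ce9650705472",
    "sha1": "5413ef2a97d9cdea0bcd03385f588bd45f2698db",
    "sha256": "180a11fd8c44e84b18bf2108029f95510d083921a4d23cb9354cd817c6117536",
}
# Signing certificate validity as shown on the page (assumed UTC).
CERT_NOT_BEFORE = datetime(2008, 5, 21, 20, 0, 0, tzinfo=timezone.utc)
CERT_NOT_AFTER = datetime(2010, 5, 22, 19, 59, 59, tzinfo=timezone.utc)


def file_hashes(data: bytes) -> dict:
    """MD5 / SHA-1 / SHA-256 of the file contents as lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 8.0 is uniform; ASProtect-packed files sit close to it."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def is_likely_packed(entropy: float, threshold: float = 7.0) -> bool:
    """Rule of thumb only; packed code also shows up as a tiny .text plus large opaque sections."""
    return entropy >= threshold


def parse_pe_header(data: bytes) -> dict:
    """Read the header fields this page reports (PE32 only)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PtrToSymTab, NumSyms, SizeOfOptHdr, Characteristics
    machine, n_sections, stamp, _, _, _, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    # Optional header: Magic, MajorLinker, MinorLinker, SizeOfCode, SizeOfInitData, SizeOfUninitData, AddressOfEntryPoint
    magic, lnk_major, lnk_minor, size_of_code, _, _, entry_rva = struct.unpack_from("<HBBIIII", data, e_lfanew + 24)
    return {
        "machine": machine,
        "sections": n_sections,
        "compile_time": datetime.fromtimestamp(stamp, tz=timezone.utc),
        "pe32": magic == 0x10B,
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "code_size": size_of_code,
        "entry_rva": entry_rva,
    }


def compiled_within_cert_validity(compile_time, not_before=CERT_NOT_BEFORE, not_after=CERT_NOT_AFTER) -> bool:
    """A compile time outside the signer's window is a red flag on its own; inside it
    (as with this sample) says nothing about whether the signature is still trusted."""
    return not_before <= compile_time <= not_after


def triage(data: bytes) -> dict:
    """One-shot report comparing a file against the page's indicators."""
    hashes = file_hashes(data)
    pe = parse_pe_header(data)
    ent = shannon_entropy(data)
    return {
        "matches_page_sample": hashes["sha256"] == PAGE_HASHES["sha256"],
        "entropy": round(ent, 4),
        "likely_packed": is_likely_packed(ent),
        "compile_time": pe["compile_time"].isoformat(),
        "compiled_within_cert_validity": compiled_within_cert_validity(pe["compile_time"]),
        "linker_version": pe["linker_version"],
        "entry_rva": pe["entry_rva"],
        "code_size": pe["code_size"],
    }


def build_sample_pe() -> bytes:
    """Constructed stand-in, not the real file: a minimal PE32 header carrying the page's
    compile timestamp, linker version, entry address and code size, then filler bytes."""
    stamp = int(datetime(2009, 12, 7, 9, 2, 22, tzinfo=timezone.utc).timestamp())
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE header directly after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 3, stamp, 0, 0, 224, 0x010F)  # i386, 3 sections, PE32 opt-header size
    opt = struct.pack("<HBBIIII", 0x10B, 6, 0, 319488, 0, 0, 0x1000)
    opt += bytes(224 - len(opt))
    return bytes(dos) + b"PE\0\0" + coff + opt + bytes(range(256)) * 4


if __name__ == "__main__":
    for key, value in triage(build_sample_pe()).items():
        print(f"{key:32} {value}")
```

Run it against the real file by passing `open(path, "rb").read()` to `triage()`; `matches_page_sample` then tells you whether you hold the exact sample this page describes, and the entropy and linker/entry fields should line up with the values listed above if you do.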

The file LiveUpdate.exe has been discovered within the following program.

Driver Genius Professional Edition  by Driver-Soft Inc.
This is an application that checks the computer's installed drivers against a database of available drivers for a range of hardware devices.
www.driver-soft.com
65% of users remove it

The executing file has been observed making the following network communication in live environments.

TCP (HTTP):
Connects to f8.a9.e443.ip4.static.sl-reverse.com (67.228.169.248:80). The hostname is the hosting provider's generic reverse-DNS name for that address (its hex labels f8.a9.e4.43 spell the octets 248.169.228.67 in reverse order), so the IP address, not the name, is the indicator worth pivoting on.
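To turn the observation above into something a SOC can hunt on, the following added example (not part of the original page) decodes the provider reverse-DNS name back to its IP and scans proxy log lines for connections to that address, whether they were logged by destination IP or only by hostname. It assumes every *.ip4.static.sl-reverse.com name encodes reversed hex octets the way this one does, and the log format and lines are constructed for the example.

```python
"""Pivot from the page's network indicator to the usable IOC and hunt for it in proxy logs.

Added example, not part of the original page. Assumes all *.ip4.static.sl-reverse.com
names encode the IP as reversed hex octets; the log lines below are constructed samples.
"""
import re
from typing import List, Optional, Tuple

PAGE_HOSTNAME = "f8.a9.e443.ip4.static.sl-reverse.com"
PAGE_IP = "67.228.169.248"

# Labels: 2 hex digits, 2 hex digits, then 4 hex digits (two octets run together).
SL_REVERSE_RE = re.compile(
    r"^([0-9a-f]{2})\.([0-9a-f]{2})\.([0-9a-f]{2})([0-9a-f]{2})\.ip4\.static\.sl-reverse\.com$",
    re.IGNORECASE,
)


def decode_sl_reverse(hostname: str) -> Optional[str]:
    """Return the dotted-quad encoded in a sl-reverse.com name, or None if it is not one."""
    m = SL_REVERSE_RE.match(hostname.strip().rstrip("."))
    if not m:
        return None
    o4, o3, o2, o1 = (int(h, 16) for h in m.groups())  # labels are the octets in reverse
    return f"{o1}.{o2}.{o3}.{o4}"


# Constructed proxy log lines (assumed format: time src process CONNECT dst:port host=<host header>).
SAMPLE_PROXY_LOG = [
    "2024-11-30T10:13:32Z 10.0.0.5 liveupdate.exe CONNECT 67.228.169.248:80 host=f8.a9.e443.ip4.static.sl-reverse.com",
    "2024-11-30T10:13:40Z 10.0.0.5 chrome.exe CONNECT 203.0.113.10:443 host=example.net",
    "2024-11-30T10:14:02Z 10.0.0.9 svchost.exe CONNECT 67.228.169.248:443 host=",
    "2024-11-30T10:15:11Z 10.0.0.7 updater.exe CONNECT 198.51.100.25:80 host=f8.a9.e443.ip4.static.sl-reverse.com",
    "2024-11-30T10:16:45Z 10.0.0.7 updater.exe CONNECT 198.51.100.26:80 host=0a.0b.0c0d.ip4.static.sl-reverse.com",
]

LOG_RE = re.compile(r"CONNECT (\d{1,3}(?:\.\d{1,3}){3}):(\d+) host=(\S*)")


def find_ioc_hits(lines: List[str], ioc_ip: str = PAGE_IP) -> List[Tuple[int, str, int]]:
    """Return (line index, reason, port) for each line that reaches the IOC either by
    destination IP or by a hostname that decodes to it. The port is reported, not filtered:
    the page's port-80 observation is one sample, not a guarantee."""
    hits = []
    for i, line in enumerate(lines):
        m = LOG_RE.search(line)
        if not m:
            continue
        dst, port, host = m.group(1), int(m.group(2)), m.group(3)
        if dst == ioc_ip:
            hits.append((i, "dst-ip", port))
        elif decode_sl_reverse(host) == ioc_ip:
            hits.append((i, "hostname", port))
    return hits


if __name__ == "__main__":
    print(PAGE_HOSTNAME, "->", decode_sl_reverse(PAGE_HOSTNAME))
    for idx, reason, port in find_ioc_hits(SAMPLE_PROXY_LOG):
        print(f"line {idx}: {reason} (port {port}): {SAMPLE_PROXY_LOG[idx]}")
```

The third sample line (same IP, port 443, no host header) and the fourth (host header decodes to the IOC but the logged destination differs) are the cases a name-only or IP-and-port-only search would miss; matching on the decoded IP catches both.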
