PatchUpPlus.exe

패치업

ebiznetworks

The application PatchUpPlus.exe by ebiznetworks has been detected as adware by 16 anti-malware scanners.
Publisher:
(주)이비즈네트웍스  (signed by ebiznetworks)

Product:
패치업

Version:
1, 0, 5, 0

MD5:
8e1f538821e5fe35fa43ffe30ba2b078

SHA-1:
0340806710d506493baec77f6267312a181e1c4c

SHA-256:
07b5c1a4620f08d0def9a1c29b7e8cc94761016b0648f3ab3f52c3320f1d0354

Scanner detections:
16 / 68

Status:
Adware

Analysis date:
11/24/2024 9:32:22 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Riskware.Adware | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.PatchUp | 2014.02.03 |
| Avira AntiVirus | TR/FraudPack.B.2 | 7.11.128.170 |
| avast! | Win32:FakeAV-EJH [PUP] | 2014.9-140812 |
| AVG | MalSign.FakeAV.45f | 2015.0.3384 |
| Baidu Antivirus | AdWare.Win32.PatchupPlus | 4.0.3.14812 |
| Bkav FE | W32.StudpiuLTAAN.Trojan | 1.3.0.4923 |
| ESET NOD32 | Win32/Adware.PatchupPlus | 8.9372 |
| K7 AntiVirus | Adware | 13.175.11028 |
| Malwarebytes | Fraudtool.PatchUpPlus | v2014.08.12.08 |
| McAfee | Artemis!8E1F538821E5 | 5600.7040 |
| Reason Heuristics | PUP.ebiznetworks.L | 14.8.31.22 |
| Sophos | Generic PUA AD | 4.97 |
| Trend Micro House Call | ADW_PATCHUPPLUS | 7.2.224 |
| Trend Micro | ADW_PATCHUPPLUS | 10.465.12 |
| VIPRE Antivirus | Trojan.Win32.Generic | 26088 |

File size:
4.4 MB (4,661,456 bytes)

Product version:
1, 0, 5, 0

Copyright:
2008 EBIZNETWORKS Co.,Ltd. All rights reserved.

Original file name:
PatchUpPlus.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\patchup_plus\patchupplus.exe

Digital Signature
Signed by:

Authority:
eBiz Networks Ltd

Valid from:
3/17/2008 9:00:00 AM

Valid to:
3/18/2010 8:59:59 AM

Subject:
CN=ebiznetworks, O=ebiznetworks, STREET="Samseong 1-dong ,Gangnam-gu, Seoul, Korea", STREET=85-19, L=Seoul, S=Gangnam-gu, PostalCode=135-091, C=KR

Issuer:
CN=eBiz Networks Certificate Services, O=eBiz Networks Ltd, C=KR

Serial number:
24A7AED0772EB2E1BB92C71B6BDB1359

File PE Metadata
Compilation timestamp:
1/12/2010 2:52:10 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
49152:4VekDqp/PSzjQWdPkf9/PCcch9tEWKwh9J8us6y:4VrXPc9/PDch9tEWKwh9J8uNy

Entry address:
0x2EDC7

Entry point:
E8, 58, 04, 00, 00, E9, 39, FD, FF, FF, CC, FF, 25, 8C, 59, 43, 00, CC, CC, CC, CC, CC, CC, CC, CC, FF, 74, 24, 10, FF, 74, 24, 10, FF, 74, 24, 10, FF, 74, 24, 10, 68, E2, E8, 42, 00, 68, 38, 70, 44, 00, E8, B9, 04, 00, 00, 83, C4, 18, C3, CC, FF, 25, 88, 59, 43, 00, CC, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 0F, 03, C1, 1B, C9, 0B, C1, 59, E9, 9A, 04, 00, 00, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 07, 03, C1, 1B, C9, 0B, C1, 59, E9, 84, 04, 00, 00, 68, E0, ED, 42, 00, 64, FF, 35, 00, 00, 00...
 

Entropy:
5.2937

Code size:
208 KB (212,992 bytes)

The executing file has been seen to make the following network communications in live environments.
