PhraseProfessorAutoUpdateClient.exe

PP AutoUpdate Client

Phrase Professor

The application PhraseProfessorAutoUpdateClient.exe by Phrase Professor has been detected as a potentially unwanted program by 4 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in.
Publisher:
PhraseProfessor  (signed by Phrase Professor)

Product:
PP AutoUpdate Client

Version:
1.10.0.24

MD5:
7b5784de7b9066b45537386ba6ea60c7

SHA-1:
07a631c2aea95ea7cd1cf883d531a624209dff31

SHA-256:
f229e5567bd6835e8bbb43ba13709472ad4319506dcf60faf393407d124a1be8

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 11:59:30 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Generic | 2016.0.2997 |
| Dr.Web | Adware.Plugin.1181 | 9.0.1.0246 |
| ESET NOD32 | MSIL/Adware.Vitruvian (variant) | 9.12197 |
| Malwarebytes | PUP.Optional.PhraseProfessor | v2015.09.03.09 |

File size:
59.6 KB (61,024 bytes)

Product version:
1.10.0.24

Copyright:
Copyright (C) 2015

Original file name:
PhraseProfessorAutoUpdateClient.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\phraseprofessor_1.10.0.24\update\phraseprofessorautoupdateclient.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
6/22/2015 7:12:16 PM

Valid to:
6/22/2017 7:12:16 PM

Subject:
E=support@phraseprofessor.com, CN=Phrase Professor, O=Phrase Professor, L=San Diego, S=California, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11212ECCBE8A08CD220DFDB8DF22D0081744

File PE Metadata
Compilation timestamp:
9/2/2015 5:09:53 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:tjClGjSVlH4UFjTs49tQ2ATzEpPQPDWsE1QYmEPpMeHYG2GytL:ZCXBiTzEirWscnpMe4PL

Entry address:
0xEAAE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
51 KB (52,224 bytes)

Scheduled Task
Task name:
PhraseProfessor Auto Updater 1.10.0.24 Core

Trigger:
Logon (Runs on logon)

Description:
PhraseProfessor Auto Updater 1.10.0.24 Core


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to ec2-54-214-35-198.us-west-2.compute.amazonaws.com  (54.214.35.198:443)

TCP (HTTP SSL):
Connects to ec2-54-244-222-64.us-west-2.compute.amazonaws.com  (54.244.222.64:443)
