PhraseProfessorAutoUpdateClient.exe

PP AutoUpdate Client

Phrase Professor

The application PhraseProfessorAutoUpdateClient.exe by Phrase Professor has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in.
Publisher:
PhraseProfessor  (signed by Phrase Professor)

Product:
PP AutoUpdate Client

Version:
1.10.0.21

MD5:
cf63731f152f14de3c28b2c9adabc4bb

SHA-1:
42c7f099d4646d2b8226f300a4a94fbc9ffca460

SHA-256:
d52acee73bc927d986811b5faf1cdc0d1283fc7b16d20012d085e723b23fda3b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 12:41:50 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.PhraseProfessor (M)

Engine version:
15.10.8.15

File size:
62.6 KB (64,096 bytes)

Product version:
1.10.0.21

Copyright:
Copyright (C) 2015

Original file name:
PhraseProfessorAutoUpdateClient.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\phraseprofessor_1.10.0.21\update\phraseprofessorautoupdateclient.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
6/22/2015 3:12:16 PM

Valid to:
6/22/2017 3:12:16 PM

Subject:
E=support@phraseprofessor.com, CN=Phrase Professor, O=Phrase Professor, L=San Diego, S=California, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11212ECCBE8A08CD220DFDB8DF22D0081744

File PE Metadata
Compilation timestamp:
7/28/2015 2:47:18 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:/MizQ7qVw6ezEFja04Ms+g1gp20fxuV0hC9o+6U8OIEPpMeDCYS2Gyv:US9n21gg0Zo02WYpMe9N

Entry address:
0xF72E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.5709

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
54 KB (55,296 bytes)

Scheduled Task
Task name:
PhraseProfessor Auto Updater 1.10.0.21 Core

Trigger:
Logon (Runs on logon)

Description:
PhraseProfessor Auto Updater 1.10.0.21 Core


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP SSL):
Connects to ec2-54-244-222-64.us-west-2.compute.amazonaws.com  (54.244.222.64:443)
