produpd.exe

Vested Development, Inc

The application produpd.exe has been detected as a potentially unwanted program by 17 anti-malware scanners. It is set to start automatically when a user logs into Windows via the current user Run registry key under the display name ‘produpd’. While running, it connects to the Internet address edge-star-mini-shv-01-fra3.facebook.com on port 443.

Publisher:
Vested Development, Inc

Product:
produpd.exe

Version:
2.2.1.23

MD5:
ca5b5f8d7a48f11bd0478006edd5921c

SHA-1:
02d38c86cef146930c72eb8c2e9f57123d7e9b6b

SHA-256:
a58f3685829069c9e2a331162b3216ee4fda46f63de358b4b7534582aed87ee5

Scanner detections:
17 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 9:27:37 PM UTC

Scan engine              Detection                                   Engine version
Lavasoft Ad-Aware        Gen:Variant.Razy.84351                      50
AhnLab V3 Security       Trojan/Win32.Generic.C1612235               3.8.2.16
Arcabit                  Trojan.Razy.D1497F                          1.0.0.791
Bitdefender              Gen:Variant.Razy.84351                      1.0.20.1755
Emsisoft Anti-Malware    Gen:Variant.Razy.84351                      8.16.12.16.09
ESET NOD32               Win32/Glupteba.AT (variant)                 10.14614
Fortinet FortiGate       W32/Generic.AC.3AE4AB!tr                    12/16/2016
F-Secure                 Gen:Variant.Razy.84351                      11.2016-16-12_6
G Data                   Gen:Variant.Razy.84351                      16.12.25
IKARUS anti.virus        Trojan.Win32.Glupteba                       0.1.3.4
Kaspersky                HEUR:Trojan.Win32.Generic                   14.0.0.-867
Malwarebytes             PUP.Optional.ProductUpdater                 v2016.12.16.09
MicroWorld eScan         Gen:Variant.Razy.84351                      17.0.0.1053
Panda Antivirus          Trj/GdSda.A                                 16.12.16.09
Qihoo 360 Security       HEUR/QVM10.1.0000.Malware.Gen               1.0.0.1120
Rising Antivirus         Malware.Generic!GnzYPAIRODD@5 (thunder)     23.00.65.161214
SUPERAntiSpyware         PUP.ProductUpdater/Variant                  8712

File size:
502 KB (514,048 bytes)

Product version:
2.2.0.2

Copyright:
Copyright © 2016

Original file name:
produpd.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\vdi\shared\product updater\produpd.exe

File PE Metadata

Compilation timestamp:
12/16/2016 4:06:03 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x1C39E

Entry point:
E8, D8, 09, 00, 00, E9, 8E, FE, FF, FF, FF, 25, B0, 52, 45, 00, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, F2, C3, 8B, 4D, F0, 33, CD, F2, E8, 71, F8, FF, FF, F2, E9, DA, FF, FF, FF, 8B, 4D, EC, 33, CD, F2, E8, 60, F8, FF, FF, F2, E9, C9, FF, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 78, F0, 46, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, F2, C3, 50, 64, FF, 35, 00...

Code size:
333.5 KB (341,504 bytes)

Startup File (User Run)

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
produpd

Command:
"C:\users\{user}\appdata\roaming\vdi\shared\product updater\produpd.exe"

The executing file has been seen to make the following network communications in live environments.

Protocol          Host                                                    Address
TCP               nodomen.ru                                              185.31.161.198:444
TCP (HTTP SSL)    srv81-165-240-87.vk.com                                 87.240.165.81:443
TCP (HTTP SSL)    employsystem.nq.pl                                      195.242.93.82:443
TCP               interviewder.net                                        91.203.5.26:8000
TCP               5.189.33.18-FTTB.planeta.tc                             5.189.33.18:4899
TCP               ns3002298.ip-37-59-41.eu                                37.59.41.180:8000
TCP               dsde11.fornex.org                                       212.224.124.78:8000
TCP               f755.fuchsia.servdiscount-customer.com                  85.14.243.91:8000
TCP (HTTP)        l2top.ru                                                91.121.37.31:80
TCP               h88-150-135-234.host.redstation.co.uk                   88.150.135.234:8000
TCP               55.33.224.159.triolan.net                               159.224.33.55:20000
TCP (HTTP)        video-edge-c55cc8.fra02.hls.ttvnw.net                   52.223.196.199:80
TCP (HTTP)        video-edge-c2aa48.arn03.hls.ttvnw.net                   52.223.193.130:80
TCP (HTTP SSL)    signin.g.ebay.com                                       66.211.185.47:443
TCP               ip-static-94-242-254-135.server.lu                      94.242.254.135:8000
TCP (SMTP)        col0-mc2-f.col0.hotmail.com                             65.55.37.88:25
TCP (HTTP SSL)    a95-101-248-45.deploy.akamaitechnologies.com            95.101.248.45:443
TCP (HTTP SSL)    a104-126-164-176.deploy.static.akamaitechnologies.com   104.126.164.176:443
TCP (HTTP SSL)    212-74-50-1.static.datatechuk.net                       212.74.50.1:443
TCP (HTTP)        125.234.52.216.hcm.viettel.vn                           125.234.52.216:80

Powered by Reason Core Security