produpd.exe

The executable produpd.exe has been detected as malware by 1 anti-virus scanner. While running, it connects to the Internet address ih396272.dedic.myihor.ru on port 444.
Publisher:
Vested Development, Inc

Product:
produpd.exe

Version:
2.2.1.23

MD5:
0d04aa5f1da89d70f823586a7d8cd74e

SHA-1:
2e56138728cc750bbee17710b9f8c05c402d838e

SHA-256:
7d3aee74236cfe71a8629d9aecee220974b096c70e55fa229e8dfee51b7be66e

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/24/2024 1:42:10 PM UTC

Scan engine          Detection          Engine version
Reason Heuristics    Trojan.Glupteba    17.2.8.14

File size:
529 KB (541,696 bytes)

Product version:
2.2.0.2

Copyright:
Copyright © 2016

Original file name:
produpd.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\vdi\shared\product updater\produpd.exe

File PE Metadata
Compilation timestamp:
7/17/2008 3:21:51 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x54597

Entropy:
6.6833

Code size:
333.5 KB (341,504 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to l094.lemon.myloc.de  (93.186.192.94:444)

TCP:
Connects to ih396272.dedic.myihor.ru  (194.67.211.107:444)

TCP (HTTP SSL):
Connects to a104-94-184-73.deploy.static.akamaitechnologies.com  (104.94.184.73:443)

TCP (HTTP):
Connects to node001.adplexity.com  (107.6.167.194:80)

TCP (HTTP):
Connects to local-www.nlm.nih.gov  (130.14.16.110:80)

TCP (HTTP SSL):
Connects to appsmail.ru  (94.100.180.33:443)
