produpd.exe

Vested Development, Inc

The executable produpd.exe has been detected as malware by 1 anti-virus scanner.
Publisher:
Vested Development, Inc

Product:
produpd.exe

Version:
2.2.1.23

MD5:
c9d5080fb49e9313d6f4c54e30d65246

SHA-1:
4e0ac2126202af76a55aa17bd563bb1c53610a0b

SHA-256:
2539e9c4e730fb810f1c2e7e8af3330d0dae8f22c65bc58291a9096cf33e0303

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/5/2024 3:44:05 PM UTC

Scan engine:
Reason Heuristics

Detection:
Trojan.Glupteba

Engine version:
17.2.17.21

File size:
560 KB (573,440 bytes)

Product version:
2.2.0.2

Copyright:
Copyright © 2016

Original file name:
produpd.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\vdi\shared\product updater\produpd.exe

File PE Metadata
Compilation timestamp:
7/6/1998 10:27:37 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x919EE

Entry point:
8A, E4, 83, 3C, 24, FF, 9B, 0F, 84, FA, FF, FF, FF, 90, 8D, 1B, 8D, 64, 24, D0, 60, 8D, 64, 24, 24, E8, 23, FD, FF, FF, F7, D2, 8D, 7C, 24, FC, 87, 1F, 4B, F7, D6, 0F, B7, CB, E2, FE, 66, 8B, D9, 8A, E7, 81, CA, 55, 82, 79, DB, FF, 73, 3C, F6, D4, 86, F6, 59, 81, E9, FE, FF, FF, 7F, 73, DD, 8A, F1, 86, E0, F6, D4, 87, F2, B0, 54, 81, D9, 91, 11, 00, 00, 71, CB, 38, EE, 24, FF, 86, C2, 8B, 8C, 19, 90, 11, 00, 80, 81, F1, 50, 45, 00, 00, 75, B6, A8, B7, 9B, 4A, 68, DD, F9, 30, FC, E8, EF, FC, FF, FF, E9, F2...

Entropy:
6.7485

Code size:
333.5 KB (341,504 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to a95-101-93-138.deploy.akamaitechnologies.com  (95.101.93.138:443)

TCP (HTTP):
Connects to static.37.58.243.136.clients.your-server.de  (136.243.58.37:80)

TCP (HTTP SSL):
Connects to srv81-165-240-87.vk.com  (87.240.165.81:443)

TCP (HTTP SSL):
Connects to signin.g.ebay.com  (66.211.181.96:443)

TCP (HTTP SSL):
Connects to sigin.ebay.com  (66.135.204.237:443)

TCP (HTTP):
Connects to ps155876.dreamhost.com  (69.163.178.247:80)

TCP (HTTP):
Connects to ip-166-62-115-254.ip.secureserver.net  (166.62.115.254:80)

TCP (HTTP):
Connects to hp151.hostpapa.com  (69.28.199.180:80)

TCP (HTTP):
Connects to games.mail.ru  (178.22.89.40:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-lga3.facebook.com  (31.13.71.36:443)

TCP (HTTP):
Connects to ec2-54-221-218-81.compute-1.amazonaws.com  (54.221.218.81:80)

TCP (HTTP SSL):
Connects to connect.secure.wellsfargo.com  (159.45.66.156:443)

TCP (HTTP SSL):
Connects to a95-100-3-235.deploy.akamaitechnologies.com  (95.100.3.235:443)

TCP (HTTP SSL):
Connects to a95-100-11-213.deploy.akamaitechnologies.com  (95.100.11.213:443)

TCP (HTTP SSL):
Connects to a23-61-239-32.deploy.static.akamaitechnologies.com  (23.61.239.32:443)

TCP (HTTP):
Connects to a23-43-143-240.deploy.static.akamaitechnologies.com  (23.43.143.240:80)

TCP (HTTP SSL):
Connects to a23-43-141-31.deploy.static.akamaitechnologies.com  (23.43.141.31:443)

TCP (HTTP SSL):
Connects to a184-86-54-253.deploy.static.akamaitechnologies.com  (184.86.54.253:443)

Powered by Reason Core Security