produpd.exe

Vested Development, Inc

The executable produpd.exe has been detected as malware by 1 anti-virus scanner. While running, it connects to the Internet address yandex.ru on port 80 using the HTTP protocol.
Publisher:
Vested Development, Inc

Product:
produpd.exe

Version:
2.2.1.23

MD5:
96b9f2ace7ab011be3956b79685c8b2f

SHA-1:
5af23680c241aa62b328e6f26d3b57f7f7b3fefd

SHA-256:
c76f04405491178ae1ac7b50896c470e256eb99a48a236a2fa693ea946a39b4f

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/24/2024 12:39:43 PM UTC

Scan engine:
Reason Heuristics

Detection:
Trojan.Glupteba

Engine version:
17.2.14.11

File size:
613 KB (627,712 bytes)

Product version:
2.2.0.2

Copyright:
Copyright © 2016

Original file name:
produpd.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\vdi\shared\product updater\produpd.exe

File PE Metadata
Compilation timestamp:
1/26/2002 2:30:24 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x88D7D

Entry point:

Entropy:
6.9158

Code size:
333.5 KB (341,504 bytes)

Windows Firewall Allowed Program
Name:
C:\users\{user}\appdata\roaming\vdi\shared\product updater\produpd.exe

The executing file has been seen to make the following network communications in live environments.

