produpd.exe

produpd.exe

Vested Development, Inc

The executable produpd.exe has been detected as malware by 1 anti-virus scanner. While running, it connects to the Internet address yandex.ru on port 80 using the HTTP protocol.
Publisher:
Vested Development, Inc

Product:
produpd.exe

Version:
2.2.1.23

MD5:
96b9f2ace7ab011be3956b79685c8b2f

SHA-1:
5af23680c241aa62b328e6f26d3b57f7f7b3fefd

SHA-256:
c76f04405491178ae1ac7b50896c470e256eb99a48a236a2fa693ea946a39b4f

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/27/2024 7:11:09 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Trojan.Glupteba
17.2.14.11

File size:
613 KB (627,712 bytes)

Product version:
2.2.0.2

Copyright:
Copyright © 2016

Original file name:
produpd.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\vdi\shared\product updater\produpd.exe

File PE Metadata
Compilation timestamp:
1/26/2002 2:30:24 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x88D7D

Entry point:
81, C6, DD, 70, F1, EA, 12, DB, 69, FB, 19, C2, FB, DF, 1B, D0, 1D, 49, 68, E0, B5, 81, F1, D2, E8, 10, 64, 69, DD, C5, B5, 26, 82, 69, EE, AA, F5, 88, 58, 33, C8, 8B, D1, 0F, AF, FF, 80, F3, 7E, EB, 0A, 39, FF, FE, CB, 8D, 0D, C0, DB, 6B, FF, 68, D6, 3A, E5, 00, 52, 84, EB, E8, 1A, 00, 00, 00, 86, EB, 49, C6, C0, C6, 89, EF, B3, 5D, B4, C7, 81, C2, EF, 3E, 00, 00, 0F, B6, C1, 86, FD, 0F, AF, E9, 5D, FE, C1, 87, C2, 32, FD, 39, EA, F7, C6, BE, 81, B9, 39, 86, C5, 47, FE, C7, 85, FA, 88, EB, F6, C6, C1, 84...
 
[+]

Entropy:
6.9158

Code size:
333.5 KB (341,504 bytes)

Windows Firewall Allowed Program
Name:
C:\users\{user}\appdata\roaming\vdi\shared\product updater\produpd.exe


The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to ip-static-94-242-254-135.server.lu  (94.242.254.135:444)

TCP (HTTP):
Connects to yandex.ru  (5.255.255.88:80)

TCP:
Connects to icebergcone.com  (91.142.85.224:444)

TCP (WHOIS):
Connects to whois.iad3.verisign.com  (199.7.59.74:43)

TCP:
Connects to f755.fuchsia.servdiscount-customer.com  (85.14.243.91:8000)

TCP (HTTP SSL):
Connects to mk080075040001.as16305.a1.net  (80.75.40.1:443)

TCP (HTTP):
Connects to ip132.156.odnoklassniki.ru  (217.20.156.132:80)

TCP (HTTP):
Connects to static.213.80.243.136.clients.your-server.de  (136.243.80.213:80)

TCP (HTTP):
Connects to is-dccache02.i.smailru.net  (188.93.56.113:80)

TCP (HTTP):
Connects to l2top.ru  (91.121.37.31:80)

TCP (HTTP):
Connects to host.uodarkshard.com  (208.79.235.134:80)

TCP (HTTP SSL):
Connects to e.mail.ru  (217.69.139.215:443)

TCP (HTTP SSL):
Connects to a104-81-62-72.deploy.static.akamaitechnologies.com  (104.81.62.72:443)

TCP (HTTP SSL):
Connects to a104-126-167-97.deploy.static.akamaitechnologies.com  (104.126.167.97:443)

TCP (HTTP SSL):
Connects to a104-122-252-240.deploy.static.akamaitechnologies.com  (104.122.252.240:443)

TCP (HTTP SSL):
Connects to a104-122-243-148.deploy.static.akamaitechnologies.com  (104.122.243.148:443)

Remove produpd.exe - Powered by Reason Core Security