produpd.exe

The executable produpd.exe has been detected as malware by 1 anti-virus scanner. While running, it connects to the Internet address dsde11.fornex.org on port 8000.
Publisher:
Vested Development, Inc

Product:
produpd.exe

Version:
2.2.1.23

MD5:
dd7d3684aff7564d2b5d9347b5047899

SHA-1:
60b4cebd75c9c5efb7b56ed43d71450e13d55f25

SHA-256:
d963b7b9e69b8447f0272aa0ff59d2566549d986e79b3c8df00f94bd01b01e8d

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/24/2024 5:09:48 PM UTC

Scan engine:
Reason Heuristics

Detection:
Trojan.Glupteba

Engine version:
17.2.2.21

File size:
502 KB (514,048 bytes)

Product version:
2.2.0.2

Copyright:
Copyright © 2016

Original file name:
produpd.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\vdi\shared\product updater\produpd.exe

File PE Metadata
Compilation timestamp:
2/2/2017 10:11:04 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x1C39E

Entry point:
E8, D8, 09, 00, 00, E9, 8E, FE, FF, FF, FF, 25, B0, 52, 45, 00, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, F2, C3, 8B, 4D, F0, 33, CD, F2, E8, 71, F8, FF, FF, F2, E9, DA, FF, FF, FF, 8B, 4D, EC, 33, CD, F2, E8, 60, F8, FF, FF, F2, E9, C9, FF, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 78, F0, 46, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, F2, C3, 50, 64, FF, 35, 00...
 
Code size:
333.5 KB (341,504 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (WHOIS):
Connects to whois.chi2.verisign.com  (199.7.48.74:43)

TCP (HTTP SSL):
Connects to a23-223-20-150.deploy.static.akamaitechnologies.com  (23.223.20.150:443)

TCP (WHOIS):
Connects to whois.opensrs.net  (64.99.62.11:43)

TCP (WHOIS):
Connects to whois.networksolutions.com  (205.178.188.12:43)

TCP (WHOIS):
Connects to whois.mad1.verisign.com  (199.7.73.74:43)

TCP (WHOIS):
Connects to ip-104-238-108-1.ip.secureserver.net  (104.238.108.1:43)

TCP (WHOIS):
Connects to 209.99.17-198.confluence-networks.com  (209.99.17.198:43)

TCP (HTTP):
Connects to g1.formy.net  (195.191.248.36:80)

TCP (HTTP SSL):
Connects to front.kp.yandex.net  (213.180.193.105:443)

TCP (HTTP):
Connects to ec2-52-72-151-107.compute-1.amazonaws.com  (52.72.151.107:80)

TCP:
Connects to dsde11.fornex.org  (212.224.124.78:8000)

TCP:
Connects to f755.fuchsia.servdiscount-customer.com  (85.14.243.91:8000)

TCP (WHOIS):
Connects to whois.cdmon.com  (46.16.61.15:43)

TCP (HTTP):
Connects to e1dc-unassigned.eserver-ru.com  (80.77.169.248:80)

TCP:
Connects to dynamicip-188-235-3-75.pppoe.voronezh.ertelecom.ru  (188.235.3.75:4899)
