produpd.exe

The executable produpd.exe has been detected as malware by 1 anti-virus scanner. While running, it connects to the Internet address yandex.ru on port 80 using the HTTP protocol.
Publisher:
Vested Development, Inc

Product:
produpd.exe

Version:
2.2.1.23

MD5:
83d1bb260d6c6249ea107039798244d1

SHA-1:
9030168290e2d4319a87df32fd83400607050e16

SHA-256:
9abe171552a07d30c61968f467fc20a656b985d33730e6a647a4909804ad55c7

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/25/2024 5:39:56 PM UTC

Scan engine:
Reason Heuristics

Detection:
Trojan.Glupteba

Engine version:
17.2.11.11

File size:
529 KB (541,696 bytes)

Product version:
2.2.0.2

Copyright:
Copyright © 2016

Original file name:
produpd.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\vdi\shared\product updater\produpd.exe

File PE Metadata
Compilation timestamp:
9/8/2000 1:38:13 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x88AE4

Entry point:
83, 3C, 24, FE, 77, FE, 8D, 64, 24, CC, 60, 83, EC, DC, E8, 1F, 01, 00, 00, 4B, 66, 4B, 75, FC, 80, E4, 59, 46, FF, 73, 3C, E9, E0, 01, 00, 00, 5B, FF, E5, FF, E6, 7E, A5, 8D, 4B, 09, 6A, FF, FF, 71, 33, 5A, 03, 4C, 1A, 78, 5A, 8B, 79, 17, 42, 8B, 04, 1F, 83, C7, 04, 8D, 74, 18, FD, 3B, 51, 0F, 0F, 83, 8B, 01, 00, 00, 53, 51, 33, C0, 0F, B6, 4E, 03, 6B, C0, 0F, 83, EE, EE, 2B, C1, 8D, 76, EF, 80, 7E, 03, 0A, 0F, 83, E7, FF, FF, FF, E9, 3A, 02, 00, 00, 03, D3, 8B, 71, 0A, 66, 8B, 04, 32, C1, E0, 10, C1, E8...

Entropy:
6.6785

Code size:
333.5 KB (341,504 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to icebergcone.com  (91.142.85.224:444)

TCP:
Connects to ih396272.dedic.myihor.ru  (194.67.211.107:444)

TCP:
Connects to p087.purple.myloc.de  (85.114.133.87:444)

TCP (HTTP SSL):
Connects to 3c-bs.gmx.com  (217.72.201.130:443)

TCP (WHOIS):
Connects to whois.nyc3.verisign.com  (199.7.50.74:43)

TCP:
Connects to ns342617.ip-176-31-106.eu  (176.31.106.23:444)

TCP:
Connects to awm.com  (185.31.161.100:444)

TCP (HTTP SSL):
Connects to a104-126-166-68.deploy.static.akamaitechnologies.com  (104.126.166.68:443)

TCP:
Connects to dtc.cifraclub.com  (213.159.212.211:444)

TCP:
Connects to anubisnetworks.com  (195.22.26.248:8000)

TCP:
Connects to unspecified.mtw.ru  (93.95.102.143:444)

TCP (SMTP):
Connects to mail-bn14138.inbound.protection.outlook.com  (207.46.163.138:25)

TCP (HTTP):
Connects to l2top.ru  (91.121.37.31:80)

TCP:
Connects to ih371556.dedic.myihor.ru  (193.124.179.165:444)

TCP (HTTP SSL):
Connects to a23-79-209-251.deploy.static.akamaitechnologies.com  (23.79.209.251:443)

TCP (HTTP SSL):
Connects to a23-223-37-154.deploy.static.akamaitechnologies.com  (23.223.37.154:443)

TCP (HTTP):
Connects to a172-227-89-31.deploy.static.akamaitechnologies.com  (172.227.89.31:80)

TCP:
Connects to 55.33.224.159.triolan.net  (159.224.33.55:20000)

TCP (HTTP):
Connects to yandex.ru  (5.255.255.88:80)

TCP (WHOIS):
Connects to whois.ripe.net  (193.0.6.135:43)

Powered by Reason Core Security