produpd.exe

Vested Development, Inc

The executable produpd.exe has been detected as malware by 1 anti-virus scanner. While running, it connects to the Internet address 473.FR.mserv.xyz on port 444.
Publisher:
Vested Development, Inc

Product:
produpd.exe

Version:
2.2.1.23

MD5:
a38498a0f6af6f03dddfa235c278f0eb

SHA-1:
aecde4d9e4f43ea81d2247735242d46becd44ed3

SHA-256:
6095d8f88f95e565e7fbf93cc4ec0584ac30e616ce9b143eea739cc4cf5a0152

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/28/2024 6:14:39 PM UTC

Scan engine:
Reason Heuristics

Detection:
Trojan.Glupteba

Engine version:
17.2.3.9

File size:
528.5 KB (541,184 bytes)

Product version:
2.2.0.2

Copyright:
Copyright © 2016

Original file name:
produpd.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\vdi\shared\product updater\produpd.exe

File PE Metadata
Compilation timestamp:
7/10/1997 1:33:36 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x54508

Entry point:
87, D2, 68, 54, 69, 00, 00, F8, 58, 90, 9B, EB, 34, 00, 00, 00, F2, 00, 40, 26, F6, 6A, E1, 20, 5E, EC, 6F, 8D, 2E, 24, 86, D1, F6, D6, FE, C2, EB, A0, 00, 00, 00, 8A, CF, 08, 00, 36, 00, B2, 00, 00, 2D, 67, 00, 62, 7C, 00, F6, 45, 00, 04, BF, 14, 00, 02, F3, B6, 8F, 8A, D1, 66, 81, 90, 00, 24, 48, 00, 34, 6B, 83, C9, 80, F7, D2, F7, C1, 6F, 5E, 75, A4, EB, C3, 00, 00, 00, 00, 00, 9D, 00, 2B, 69, 66, 77, 00, 00, 74, D0, 00, DE, BC, 03, 86, 14, FA, 00, C6, D6, 8A, BB, C9, 00, 92, 8A, F3, D4, 75, 00, 05, 0E...

Entropy:
6.6852

Code size:
333.5 KB (341,504 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to dtc.cifraclub.com  (213.159.212.211:8000)

TCP:
Connects to lenionspeak.com  (217.23.9.202:444)

TCP:
Connects to 473.FR.mserv.xyz  (195.154.230.100:444)

TCP (WHOIS):
Connects to whois.localnet  (213.248.242.41:43)

TCP:
Connects to ns342617.ip-176-31-106.eu  (176.31.106.23:444)

TCP (HTTP):
Connects to webcluster62.webpod1-cph3.one.com  (46.30.211.253:80)

TCP (HTTP SSL):
Connects to sso.suntrust.com  (167.181.46.184:443)

TCP (HTTP SSL):
Connects to srv81-165-240-87.vk.com  (87.240.165.81:443)

TCP (HTTP SSL):
Connects to origin.bay179.mail.live.com  (65.55.157.204:443)

TCP:
Connects to k016.khaki.myloc.de  (93.186.196.16:444)

TCP (HTTP SSL):
Connects to a88-221-71-104.deploy.akamaitechnologies.com  (88.221.71.104:443)

TCP (HTTP SSL):
Connects to a-0006.a-msedge.net  (204.79.197.208:443)
