produpd.exe

produpd.exe

Vested Development, Inc

The executable produpd.exe has been detected as malware by 1 anti-virus scanner. While running, it connects to the Internet address instagram-p3-shv-02-lax3.fbcdn.net on port 80 using the HTTP protocol.
Publisher:
Vested Development, Inc

Product:
produpd.exe

Version:
2.2.1.23

MD5:
9328479f1d42b0fe7e8efa2b091fefba

SHA-1:
e843439c2ed5840f9cc5ae59ccfca5f2ba5c683a

SHA-256:
aa14ab6123300317e71944095b83161dfbad1cb3dc6d5c1743b008c83879a7be

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/26/2024 12:34:23 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Trojan.Glupteba
17.3.7.6

File size:
529 KB (541,696 bytes)

Product version:
2.2.0.2

Copyright:
Copyright © 2016

Original file name:
produpd.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\vdi\shared\product updater\produpd.exe

File PE Metadata
Compilation timestamp:
4/9/2007 7:41:06 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x88E03

Entry point:
89, C0, 83, 3C, 24, FE, 77, FE, 8D, 64, 24, CC, 83, CF, 00, 60, 83, EC, DC, 90, 8D, 93, 09, 8A, 3F, 66, E8, 5F, FE, FF, FF, 41, 4B, 66, 4B, 75, FC, 42, B0, 7A, 47, FF, 73, 3C, 59, 81, E9, FD, FF, FF, 7F, 0F, 83, E7, FF, FF, FF, 8B, C5, 81, D9, E6, 13, 00, 00, 71, DD, 42, 86, D2, 4A, FF, B4, 19, E4, 13, 00, 80, 18, D0, 83, E2, 21, 83, C4, 04, 66, 81, 44, 24, FC, B0, BA, 8D, 78, 10, 75, BE, 34, 10, 86, C6, BA, 68, 6B, 5C, F8, 68, ED, DB, CC, 54, E8, 86, FC, FF, FF, 89, 74, 24, 44, E9, 87, FC, FF, FF, FF, 54...
 
[+]

Entropy:
6.6823

Code size:
333.5 KB (341,504 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to a23-43-132-129.deploy.static.akamaitechnologies.com  (23.43.132.129:443)

TCP (HTTP SSL):
Connects to a95-100-3-235.deploy.akamaitechnologies.com  (95.100.3.235:443)

TCP (HTTP):
Connects to webhotel.dizainer.eu  (153.92.126.68:80)

TCP (HTTP SSL):
Connects to mobileproxy.passport.yandex.net  (213.180.193.115:443)

TCP:
Connects to imap-b-mtc-c.mx.aol.com  (64.12.91.194:993)

TCP (HTTP SSL):
Connects to ec2-52-70-36-202.compute-1.amazonaws.com  (52.70.36.202:443)

TCP (WHOIS):
Connects to whois.nyc3.verisign.com  (199.7.50.74:43)

TCP (HTTP SSL):
Connects to signin.g.ebay.com  (66.211.185.47:443)

TCP (HTTP):
Connects to rightnow.cdn.promodj.com  (91.213.196.100:80)

TCP (HTTP SSL):
Connects to rajf4-1.i.mail.ru  (217.69.142.141:443)

TCP (SMTP):
Connects to p3plibsmtp03-v01.prod.phx3.secureserver.net  (68.178.213.203:25)

TCP (HTTP SSL):
Connects to ip5.23.odnoklassniki.ru  (5.61.23.5:443)

TCP (HTTP):
Connects to instagram-p3-shv-02-lax3.fbcdn.net  (157.240.11.52:80)

TCP (HTTP SSL):
Connects to icanhazip.com  (64.182.208.183:443)

TCP (HTTP SSL):
Connects to edge-star-shv-02-lax3.facebook.com  (157.240.11.17:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-02-dft4.facebook.com  (31.13.66.36:443)

TCP (HTTP):
Connects to ec2-34-206-29-105.compute-1.amazonaws.com  (34.206.29.105:80)

TCP (HTTP SSL):
Connects to connect.secure.wellsfargo.com  (159.45.2.156:443)

TCP (HTTP SSL):
Connects to a95-100-3-183.deploy.akamaitechnologies.com  (95.100.3.183:443)

TCP (HTTP SSL):
Connects to a95-100-13-206.deploy.akamaitechnologies.com  (95.100.13.206:443)

Remove produpd.exe - Powered by Reason Core Security