produpd.exe

Vested Development, Inc

The executable produpd.exe has been detected as malware by 1 anti-virus scanner. While running, it connects to the Internet address FastDL.MarkServer.ru on port 8000.
Publisher:
Vested Development, Inc

Product:
produpd.exe

Version:
2.2.1.23

MD5:
3321fcdd442eaef907a107a2a767d7b8

SHA-1:
ea69492d35d719a9cf0cdb4ee91d1219131d5eff

SHA-256:
486307a6856530028ba5c63aaef71ab9d28db8718430092d8307c053e957c4fd

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/16/2024 6:24:01 AM UTC

Scan engine          Detection          Engine version
Reason Heuristics    Trojan.Glupteba    17.2.7.8

File size:
529 KB (541,696 bytes)

Product version:
2.2.0.2

Copyright:
Copyright © 2016

Original file name:
produpd.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\vdi\shared\product updater\produpd.exe

File PE Metadata
Compilation timestamp:
2/3/2005 12:08:58 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x82455

Entry point:
83, 3C, 24, FE, 77, FE, 8D, 64, 24, CC, 60, 83, EC, DC, E8, B5, 68, 00, 00, 4B, 66, 4B, 75, FC, 8A, C7, B2, 6A, FF, 73, 3C, 59, 81, E9, FD, FF, FF, 7F, 0F, 83, E7, FF, FF, FF, 81, D9, E6, 13, 00, 00, 71, DF, 8A, C1, 4E, 46, FF, B4, 19, E4, 13, 00, 80, 83, C4, 04, 66, 81, 44, 24, FC, B0, BA, 75, C8, B5, 23, 09, DF, 68, 5D, D0, 93, FB, E8, 89, 68, 00, 00, 89, 74, 24, 44, E8, DE, 67, 00, 00, 89, 44, 24, 34, 83, E8, 04, 0F, 82, 1D, 68, 00, 00, 64, A1, 18, 00, 00, 00, 85, C0, 78, 0C, 49, FC, 86, CD, 8B, 40, 34...
 
Entropy:
6.6790

Code size:
333.5 KB (341,504 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to l094.lemon.myloc.de  (93.186.192.94:8000)

TCP:
Connects to FastDL.MarkServer.ru  (95.213.143.154:8000)

TCP:
Connects to ns342617.ip-176-31-106.eu  (176.31.106.23:8000)

TCP:
Connects to f755.fuchsia.servdiscount-customer.com  (85.14.243.91:8000)

TCP (WHOIS):
Connects to whois.dns.pl  (193.59.201.49:43)

TCP (HTTP SSL):
Connects to server-54-192-129-177.ams50.r.cloudfront.net  (54.192.129.177:443)

TCP (WHOIS):
Connects to old.www.ovh.com  (213.186.33.34:43)

TCP:
Connects to nodomen.ru  (185.31.161.198:444)

TCP (WHOIS):
Connects to ip-104-238-108-9.ip.secureserver.net  (104.238.108.9:43)

TCP (WHOIS):
Connects to ip-104-238-108-1.ip.secureserver.net  (104.238.108.1:43)

TCP (HTTP):
Connects to fiord-svo1-99.google.com  (93.191.15.99:80)

TCP (HTTP):
Connects to dmoz-beta-shared-a-atc.evip.aol.com  (149.174.97.43:80)

TCP:
Connects to anubisnetworks.com  (195.22.26.248:8000)

TCP:
Connects to 78.244.135.79.in-addr.arpa  (79.135.244.78:8000)

TCP:
Connects to 065.steadyhost.ru  (85.17.196.155:8000)

TCP (WHOIS):
Connects to whois.totalregistrations.com  (195.206.162.47:43)

TCP:
Connects to unspecified.mtw.ru  (93.95.102.143:444)

TCP (HTTP SSL):
Connects to e9430.b.akamaiedge.net  (66.211.185.57:443)

TCP (HTTP):
Connects to dtc.cifraclub.com  (213.159.212.211:80)

TCP (HTTP):
Connects to bar-navig.yandex.ru  (213.180.193.75:80)
