home

SUpdat.exe

Beijing Xingyunwang Technology Co., Ltd

The file SUpdat.exe has been detected as malware by 1 anti-virus scanner.
Publisher:
UDa  (signed by Beijing Xingyunwang Technology Co., Ltd)

Product:
UDa

Version:
16.6.0.9

MD5:
90bbd6fedf6746eb8ae24c85dc9d68d9

SHA-1:
d7c9d9d31bda7c87bddae90d6989a3c84b8e7728

SHA-256:
a35c509a9167ce077961078aaee3d4a8b09abc2de93a33a42af1001b194eab8c

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/30/2024 3:27:28 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.11.16.22

File size:
6 MB (6,301,920 bytes)

Product version:
16.6.0.9

Copyright:
Copyright (C) 2016

Original file name:
SUpdat.exe

Language:
Chinese

Common path:
C:\ProgramData\chelfnotify\bit6950.tmp

Digital Signature
Signed by:
Beijing Xingyunwang Technology Co., Ltd

Authority:
thawte, Inc.

Valid from:
10/11/2016 9:00:00 PM

Valid to:
6/17/2017 8:59:59 PM

Subject:
CN="Beijing Xingyunwang Technology Co., Ltd", O="Beijing Xingyunwang Technology Co., Ltd", L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
37C95D68E039C413A369BBFBACD3FF67

File PE Metadata
Compilation timestamp:
10/11/2016 12:53:34 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:z+edZ0Ux9hBUZ/Jf5mgBvC/DWKugZxp2lD+bI3O8ZmeM5CRa98OLuEWa:/vt3hkJf5mxDTuSxp2B6cOIMc42OaEJ

Entry address:
0x10A56

Entry point:
E8, 78, AE, 00, 00, E9, 7F, FE, FF, FF, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 88, F8, 42, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 68, D7, 42, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 88, F8, 42, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00, 00, 00...
 
[+]

Code size:
132.5 KB (135,680 bytes)

Remove SUpdat.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.