home

systemupdate.exe

Old Trafford viewer

IT systems

The application systemupdate.exe, “Old Trafford Stadium” by IT systems has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from 386772.allhotdownload.online.
Publisher:
Old Trafford  (signed by IT systems)

Product:
Old Trafford viewer

Description:
Old Trafford Stadium

Version:
1.725.0.0

MD5:
d1c63db68b9f6c87aa77ec378cc59281

SHA-1:
103dcf1ca643f44eef6e68d6cf0e79267961d41d

SHA-256:
3dc28f1af88ca2342d69b39100a4bfbf70328f51d8c0e3c8176d420249e62a19

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/22/2024 8:18:32 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Amonetize.ITsystem (M)
16.4.2.23

File size:
835.2 KB (855,227 bytes)

Product version:
1.725.0.0

Copyright:
Old Trafford TM

Original file name:
lz.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\systemupdate.exe

Digital Signature
Signed by:
IT systems

Authority:
COMODO CA Limited

Valid from:
2/26/2016 5:30:00 AM

Valid to:
2/26/2017 5:29:59 AM

Subject:
CN="""IT systems""", OU=IT, O="""IT systems""", STREET="street Henri Barbusse, 9-A", L=Kiev, S=Kiev, PostalCode=03150, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
7E798AE8057B1CCD5DFB79BBF8B58019

File PE Metadata
Compilation timestamp:
2/29/2016 6:46:07 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:H/BM8TrJKTjTpDIYvOpK+bO34+c6dNH4mxTmgamVMZ7K5SvKix22lmVRDnaQ:C8PJWXBtvOpKR40eaP+KiY2aRDnaQ

Entry address:
0xACB1

Entry point:
E8, C9, 33, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 04, 2B, C8, 1B, C0, F7, D0, 23, C8, 8B, C4, 25, 00, F0, FF, FF, 3B, C8, 72, 0A, 8B, C1, 59, 94, 8B, 00, 89, 04, 24, C3, 2D, 00, 10, 00, 00, 85, 00, EB, E9, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, 08, 58, 41, 00, FF, 15, 20, 00, 41, 00, 85, C0, 75, 18, 56, E8, 6D, 21, 00, 00, 8B, F0, FF, 15, 1C, 00, 41, 00, 50, E8, 1D, 21, 00, 00, 59, 89, 06, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, 35, 28, 00...
 
[+]

Entropy:
7.8867  (probably packed)

Code size:
60 KB (61,440 bytes)

The file systemupdate.exe has been seen being distributed by the following URL.

http://386772.allhotdownload.online/download11.php?x=42c34e95b047b121499975787bb622eb&id=XN551&title=keywordrequest

Remove systemupdate.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.