home

uacsoftwareupdatesa.exe

The application uacsoftwareupdatesa.exe has been detected as a potentially unwanted program by 16 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from cdn2.wemearequenche.com.
Description:
For Windows

Version:
1.0.2.0

MD5:
0f253199201c7b44161bb0565efbe9e4

SHA-1:
18a27b599199f1b0634c6f7f8101cfbf1dacd13b

SHA-256:
d77a123d1efcb1eafc19e48531b35fb60b33328a3027d69478073f52bc71172f

Scanner detections:
16 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 6:32:31 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

avast!
Win32:Dropper-gen [Drp]
2014.9-150801

Baidu Antivirus
Hacktool.Win32.Komodia
4.0.3.1581

Dr.Web
Adware.Superfish.9
9.0.1.0213

ESET NOD32
Win32/Komodia.A potentially unsafe (variant)
9.11425

G Data
Win32.Trojan.Agent.5T3PFF
15.8.25

K7 AntiVirus
Unwanted-Program
13.202.15486

Kaspersky
not-a-virus:Downloader.Win32.Agent
14.0.0.1649

McAfee
Artemis!0F253199201C
5600.6687

NANO AntiVirus
Trojan.Win32.Superfish.dpgkyz
0.30.8.659

Panda Antivirus
Generic Suspicious
15.08.01.06

Qihoo 360 Security
HEUR/QVM03.0.Malware.Gen
1.0.0.1015

Quick Heal
Downloader.Agent.r5 (Not a Virus)
8.15.14.00

Sophos
Generic PUA BI
4.98

Trend Micro House Call
Suspicious_GEN.F47V0404
7.2.213

Vba32 AntiVirus
Downloader.Agent
3.12.26.3

File size:
5.8 MB (6,112,824 bytes)

Product version:
1.0.2.0

Copyright:
ֲ© 2014

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\uacsoftwareupdatesa.exe

File PE Metadata
Compilation timestamp:
12/6/2009 3:50:41 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:DiKQ6AL/3baIo5XRl0abQ0ZfVPBtwkdnab7NTgLbxHAest1owa6:DiFP/38PSEQ2NPPwkdabh81gesL

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9993

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file uacsoftwareupdatesa.exe has been seen being distributed by the following URL.

http://cdn2.wemearequenche.com/.../UACSoftwareUpdateSA.exe

Remove uacsoftwareupdatesa.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.