updat.exe

The application updat.exe has been detected as a potentially unwanted program by 5 anti-malware scanners. While running, it connects to the Internet address unknown.prolexic.com on port 80 using the HTTP protocol.
MD5:
7af73c7b1b346453c375841d1d853d86

SHA-1:
9785f6525eaac2d6cf06d2bd7ad7c6f221bb5b25

SHA-256:
19968b145f6a0f50387eed9e0ab20fa269da084c99b20195fe8bc4d689370044

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 8:11:22 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Bkav FE | W32.Clodf53.Trojan | 1.3.0.4924 |
| IKARUS anti.virus | possible-Threat.Crack.AntiTrojanElite | t3scan.2.2.29 |
| Malwarebytes | Riskware.Tool.CK | v2014.05.11.07 |
| Trend Micro House Call | TROJ_SPNR.08CR12 | 7.2.131 |
| Trend Micro | TROJ_SPNR.08CR12 | 10.465.11 |

File size:
665.5 KB (681,472 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\anti trojan elite\updat.exe

File PE Metadata
Compilation timestamp:
10/15/2005 6:16:26 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
12288:5n1WJAsTOSO4Z9k4bmiZcwOZLEUgZcxodS1E3Ki:5n1WJza+k4ai5+HgoUR

Entry address:
0x12CC

Entry point:
EB, 10, 66, 62, 3A, 43, 2B, 2B, 48, 4F, 4F, 4B, 90, E9, 98, 50, 48, 00, A1, 8B, 50, 48, 00, C1, E0, 02, A3, 8F, 50, 48, 00, 52, 6A, 00, E8, 2D, 29, 08, 00, 8B, D0, E8, 7A, 20, 08, 00, 5A, E8, F6, 31, 08, 00, E8, B3, 20, 08, 00, 6A, 00, E8, 8C, 21, 08, 00, 59, 68, 34, 50, 48, 00, 6A, 00, E8, 07, 29, 08, 00, A3, 93, 50, 48, 00, 6A, 00, E9, 43, 32, 08, 00, E9, BA, 21, 08, 00, 33, C0, A0, 7D, 50, 48, 00, C3, A1, 93, 50, 48, 00, C3, 60, BB, 00, 50, B0, BC, 53, 68, AD, 0B, 00, 00, C3, B9, AC, 00, 00, 00, 0B, C9...
 

Entropy:
6.4968

Code size:
528 KB (540,672 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to unknown.prolexic.com  (72.52.4.119:80)
