update.exe

Vistumbler.net

This is a setup program which is used to install the application. This file is installed with the program Vistumbler. The file has been seen being downloaded from raw.githubusercontent.com and multiple other hosts.

Publisher:
Vistumbler.net (signed and verified)

Version:
3, 3, 9, 4

MD5:
94ad47c738d189305fe5fb20a0cfc90c

SHA-1:
158e4cf74d5ab606d51c924fca142744b6f812a7

SHA-256:
908d7ad0fe602524c42976db3f8962b7cf31d63819bd66676a24c4285c4cc979

Scanner detections:
1 / 68

Status:
Clean (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/23/2024 10:02:45 AM UTC

Scan engine:
Vba32 AntiVirus

Detection:
Trojan-Downloader.Autoit.gen

Engine version:
3.12.24.3

File size:
804.9 KB (824,184 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\update.exe

Digital Signature
Signed by:

Authority:
Vistumbler.net

Valid from:
10/17/2010 11:00:00 PM

Valid to:
12/31/2098 11:00:00 PM

Subject:
CN=Andrew Calcutt, O=Vistumbler.net, E=ACalcutt@vistumbler.net

Issuer:
CN=Andrew Calcutt, O=Vistumbler.net, E=ACalcutt@vistumbler.net

Serial number:
63338AFA59A37AB44C3EC63F7BDC6ED3

File PE Metadata
Compilation timestamp:
4/9/2012 7:11:21 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:xRBk7MpC7tYR4eYLEkiw4PKEgOHS1ZBvKEjGbCAlLxgaJlaJqlYtxa/:xFQeYLbKKEPS1bvKE2JCaJQkYDa/

Entry address:
0x176DC

Entry point:
E8, EB, C2, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, 24, A8, 4B, 00, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, DD, 03, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29, F3, A5, FF, 24, 95, 60, 78, 41, 00, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04, 72, 0C...
Code size:
535.5 KB (548,352 bytes)

The file update.exe has been discovered within the following program.

Vistumbler by Vistumbler.net
Publisher's description - “Find Wireless access points - Uses the Vista command 'netsh wlan show networks mode=bssid' to get wireless information GPS Support. Speaks Signal Strength using sound files, windows sound api, or MIDI.”
www.vistumbler.net
39% remove it

The file update.exe has been seen being distributed by the following 2 URLs.

https://raw.githubusercontent.com/RIEI/Vistumbler/ecd8d8e371c7e56771e8c622337c117c5c2de735/.../update.exe
