» update.exe
Overview
Analysis
File Details
Programs (1)

update.exe

Cherished Technology Limited

The application update.exe by Cherished Technology Limited has been detected as adware by 6 anti-malware scanners. This file is typically installed with the program WPM17.8.0.3442 by Cherished Technololgy LIMITED which is a potentially unwanted software program.

File name:

update.exe

Publisher:

Cherished Technology Limited (signed and verified)

MD5:

336e9a16396f117ae59cd01bfcc092ef

SHA-1:

2133e6df6dfb0a57d655061e7096f931297b5736

SHA-256:

ad558a3cfc3d254b7110eea921b843a94678bd87cc1c88a8050ba5d2f07ccba5

Scanner detections:

6 / 68

Status:

Adware

Analysis date:

11/23/2024 10:52:22 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADWARE/Adware.Gen2

7.11.154.144

avast!

Win32:Dropper-NYA [Drp]

2014.9-140612

AVG

Cherished

2015.0.3446

Dr.Web

Trojan.StartPage.63930

9.0.1.0163

Qihoo 360 Security

Malware.QVM10.Gen

1.0.0.1015

Reason Heuristics

PUP.CherishedTechnologyLimited.G

14.6.12.6

File size:

5.2 MB (5,400,688 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\ProgramData\wpm\update\update.exe

Digital Signature

Signed by:

Cherished Technology Limited

Authority:

GlobalSign nv-sa

Valid from:

10/30/2013 10:56:37 AM

Valid to:

10/31/2014 10:56:37 AM

Subject:

CN=Cherished Technology Limited, O=Cherished Technology Limited, L=HongKong, S=HongKong, C=HK

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11210CA3D3C040F38E7317C765ABB45E0BCB

File PE Metadata

Compilation timestamp:

2/24/2014 9:55:49 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

98304:r8F8VhkvUEkbfEvSu2typiw69EwDNYOlUj7X842JqMQaARACypU:r8UUet5w1kNY5jghA+AKBpU

Entry address:

0x154EC

Entry point:

E8, C7, 97, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 14, 56, 85, C0, 74, 3C, 83, 7D, 08, 00, 75, 13, E8, FF, 0C, 00, 00, 6A, 16, 5E, 89, 30, E8, CB, 73, 00, 00, 8B, C6, EB, 25, 83, 7D, 10, 00, 74, E7, 39, 45, 0C, 73, 09, E8, E1, 0C, 00, 00, 6A, 22, EB, E0, 50, FF, 75, 10, FF, 75, 08, E8, 96, EB, FF, FF, 83, C4, 0C, 33, C0, 5E, 5D, C3, 55, 8B, EC, 56, 8B, F1, 8B, 4D, 08, C6, 46, 0C, 00, 85, C9, 75, 66, E8, 7D, 8F, 00, 00, 8B, D0, 89, 56, 08, 8B, 4A, 6C, 89, 0E, 8B, 4A, 68, 89, 4E, 04, 8B, 0E, 3B, 0D... 
[+]

Code size:

257 KB (263,168 bytes)

The file update.exe has been discovered within the following program.

WPM17.8.0.3442 by Cherished Technololgy LIMITED

WPM is an web browser advertisement extension that delivers ads to the user's web browser. Ads are in the form of traditional banners as well as context-hyper links.

80% remove it

Remove update.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.