update.exe

Microsoft .NET Framework 4.5

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case; it is designed to look like a legitimate Microsoft system file. The executable update.exe, “Microsoft .NET Framework.exe”, has been detected as malware by 34 anti-virus scanners. This is a setup program used to install the application. According to the detections, it has been classified as a keylogger, which is capable of recording a user's keystrokes. The file has been seen being downloaded from download.idmsilent.net.
Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Microsoft .NET Framework 4.5

Description:
Microsoft .NET Framework.exe

Version:
4.5.50709.60

MD5:
a1f86b2104ac27e6c708339afa5db601

SHA-1:
26f5e7b1072867bffa8615c1dc3da1edfc0d4a4e

SHA-256:
bbe3e2efc313c0a227af6386420327e922ef297d81b4b3ef0b9ee9dbe41e6d3b

Scanner detections:
34 / 68

Status:
Malware

Explanation:
The software contains keystroke monitoring/logging capabilities which may or may not be installed without the user's knowledge.

Analysis date:
11/23/2024 12:35:23 PM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Zusy.93150
377

Agnitum Outpost
TrojanSpy.KeyLogger
7.1.1

AhnLab V3 Security
Trojan/Win32.Spnr
2015.09.21

Avira AntiVirus
TR/Dropper.MSIL.25399
8.3.2.2

Arcabit
Trojan.Zusy.D16BDE
1.0.0.545

avast!
Win32:Malware-gen
2014.9-160123

AVG
PSW.Generic12
2017.0.2855

Baidu Antivirus
Trojan.MSIL.KeyLogger
4.0.3.16123

Bitdefender
Gen:Variant.Zusy.93150
1.0.20.115

Bkav FE
W32.TrosrameLTAT.Trojan
1.3.0.7237

Comodo Security
UnclassifiedMalware
23271

Dr.Web
Trojan.DownLoader9.28526
9.0.1.023

ESET NOD32
MSIL/Injector.DFD (variant)
10.12282

Fortinet FortiGate
W32/KeyLogger.AJEK!tr
1/23/2016

F-Secure
Gen:Variant.Zusy.93150
11.2016-23-01_7

G Data
Gen:Variant.Zusy.93150
16.1.25

IKARUS anti.virus
Trojan.Win32.Ircbrute
t3scan.1.9.5.0

K7 AntiVirus
Trojan
13.210.17270

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.771

Malwarebytes
Backdoor.Agent.WNAGen
v2016.01.23.09

McAfee
RDN/Generic PWS.y!bb3
5600.6511

Microsoft Security Essentials
Trojan:Win32/Malagent!gmb
1.1.12101.0

MicroWorld eScan
Gen:Variant.Zusy.93150
17.0.0.69

NANO AntiVirus
Trojan.Win32.KeyLogger.cwnnui
0.30.24.3283

Panda Antivirus
Generic Malware
16.01.23.09

Qihoo 360 Security
Win32/Trojan.395
1.0.0.1015

Quick Heal
TrojanSpy.MSIL.r3
1.16.14.00

Sophos
Mal/Generic-S
4.98

Trend Micro House Call
TROJ_SPNV.03D714
7.2.23

Trend Micro
TROJ_SPNV.03D714
10.465.23

Vba32 AntiVirus
TrojanSpy.MSIL.KeyLogger
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
43916

ViRobot
Trojan.Win32.S.Agent.361984.AH[h]
2014.3.20.0

Zillya! Antivirus
Trojan.Keylogger.Win32.33920
2.0.0.2406

File size:
353.5 KB (361,984 bytes)

Product version:
4.5.50709.60

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
update.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\update.exe

File PE Metadata
Compilation timestamp:
3/29/2014 9:06:24 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:Hi7FeM6Vy8zHh9gycNcoVxO1q0acFkKpG04NCoob3Mr9Wi/:Hi7F1+z8/Ni1q0acF5pN4NC7b3MUi

Entry address:
0x5671E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
338 KB (346,112 bytes)

The file update.exe has been seen being distributed by the following URL.
