update.exe

Mediawave Corporation

The executable update.exe has been detected as malware by 5 anti-virus scanners.
Publisher:
Mediawave Corporation  (signed and verified)

Version:
1.0.0.0

MD5:
9618e22748d8fb24cbbc149acd68972e

SHA-1:
37c127e7cb791cbf8ccccb7a0eb3ca17a5276fa9

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
12/26/2024 1:29:36 PM UTC

Scan engine          Detection                     Engine version
avast!               Win32:Malware-gen             2014.9-160416
Comodo Security      UnclassifiedMalware           18736
ESET NOD32           probably unknown NewHeur_PE   10.10030
IKARUS anti.virus    Win32.SuspectCrc              t3scan.1.6.1.0
Qihoo 360 Security   Win32/Trojan.b77              1.0.0.1015

File size:
2.7 MB (2,877,024 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Application data\mediawave\update.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
7/29/2013 9:00:00 AM

Valid to:
8/29/2014 8:59:59 AM

Subject:
CN=Mediawave Corporation, O=Mediawave Corporation, L=Seongnam-si, S=Gyeonggi-do, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
57F6127244941D42A89BBD9403FA5ED8

File PE Metadata
Compilation timestamp:
3/12/2014 3:03:24 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:UEIawFRQJySjNa/MUOjCvkmu9EDDPUwy3T6XOD1FkzO3R:XrYnzBvkFEfMRDJ3R

Entry address:
0x252EFC

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, 4C, 72, 64, 00, E8, 33, 84, DB, FF, 68, A8, 2F, 65, 00, 6A, FF, 6A, 00, E8, A1, B9, DB, FF, 8B, D8, 85, DB, 74, 7E, E8, AE, BA, DB, FF, 85, C0, 75, 75, A1, DC, FD, 65, 00, 8B, 00, E8, B6, 66, ED, FF, A1, DC, FD, 65, 00, 8B, 00, BA, E0, 2F, 65, 00, E8, 9D, 60, ED, FF, A1, DC, FD, 65, 00, 8B, 00, C6, 40, 5F, 00, A1, DC, FD, 65, 00, 8B, 00, 33, D2, E8, AC, 83, ED, FF, B1, 01, BA, 10, 30, 65, 00, A1, F0, CF, 4D, 00, E8, 87, B9, E9, FF, 8B, 0D, 40, FB, 65, 00, A1, DC, FD, 65, 00...

Entropy:
6.6152

Developed / compiled with:
Microsoft Visual C++

Code size:
2.3 MB (2,430,976 bytes)

Windows Firewall Allowed Program
Name:
C:\Documents and Settings\All Users\Application Data\Mediawave\Update.exe

