update.exe

Winner Solutions LLC

The application update.exe by Winner Solutions has been detected as a potentially unwanted program by 3 anti-malware scanners. This file is typically installed with the program Winner Download Manager by Winner Solutions LLC which is a potentially unwanted software program. While running, it connects to the Internet address 192.193.28.185.gransy.com on port 80 using the HTTP protocol.
Publisher:
Winner Updater Solutions LLC  (signed by Winner Solutions LLC)

Description:
installer.exe

Version:
1.5.3.0

MD5:
52743cc6ef5581ca6eb890597723a5d8

SHA-1:
607a9409805ce3b015d47a31697ccb1d2e0cacaa

SHA-256:
70e14761bf7220857706cdec177a85ce7daf6da46276b52871a7212b89725af4

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 12:56:28 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | APPL/Downloader.Gen4 | 7.11.180.204
ESET NOD32 | Win32/bmMedia.DB | 8.10606
Reason Heuristics | PUP.Optional.Installer.G | 14.10.25.13

File size:
2.1 MB (2,228,224 bytes)

Product version:
1.0.0.0

Copyright:
Copyright 2014 Winner Updater Solutions LLC. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\winnerdm\update.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/9/2013 2:00:00 AM

Valid to:
12/10/2015 1:59:59 AM

Subject:
CN=Winner Solutions LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Winner Solutions LLC, L=Sankt-Peterburg, S=Sankt-Peterburg, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
62C4C7A64C8A37907F0A31EF11A79AC6

File PE Metadata
Compilation timestamp:
10/17/2014 12:02:26 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:rtUNaG+VFTPIrD+6XQ6JL6iYcWalW1eDyl+vfC0pUg/lTfdxOspRVd4xbWfFwl8x:rtUN+VFTwW6A6Jux1a8eDw+3bpVzSblG

Entry address:
0x35C1

Entry point:
55, 89, E5, 81, EC, 44, 01, 00, 00, 89, D9, 02, 3D, AC, 1E, 40, 00, 68, B9, 80, 3F, 00, E8, 14, 26, 01, 00, 6A, 00, FF, 15, 20, 32, 43, 00, 68, C0, 73, 43, 00, 8D, 8D, D4, FB, FF, FF, 51, FF, 15, FC, 31, 43, 00, 3B, C3, 74, 1F, 68, 68, 72, 43, 00, E8, E3, E6, 00, 00, 8B, 75, 1C, 83, C4, 1C, 8B, 45, FC, 8B, 0D, E8, 70, 43, 00, 89, 48, 10, 8B, 45, FC, 8A, 40, 04, 24, 82, 3C, 82, 74, E8, 8B, 45, DC, 89, 47, FC, FF, 75, D8, FF, 75, 10, FF, 75, 0C, 8B, 4B, 0C, 56, FF, 35, 04, 72, 43, 00, FF, 15, 18, 32, 43, 00...
 

Entropy:
6.7182

Code size:
200 KB (204,800 bytes)

The file update.exe has been discovered within the following program.

Winner Download Manager  by Winner Solutions LLC
Publisher's description - “Additional software may be offered to you via opt-in ads during the installation process. Support for torrent files and p2p networks.”
winnerdownloadmanager.com
About 77% of users remove it
 

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 192.193.28.185.gransy.com  (185.28.193.192:80)
