home

update.exe

CltMng

The application update.exe has been detected as a potentially unwanted program by 17 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.downrump.com.
Publisher:
CltMng

Product:
CltMng

Description:
CltMng ud

Version:
6.0.8.2

MD5:
9c365971f365038e9a75397cf57ee793

SHA-1:
6dba1356f1b5240ef0c9cc61500215d6e8edcc04

SHA-256:
2363739c84f472162fb56cb756b4ff14c7eca1a7402f58af33748494e607f955

Scanner detections:
17 / 68

Status:
Potentially unwanted

Analysis date:
1/8/2025 4:32:58 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Graftor.187118
619

avast!
Win32:Malware-gen
2014.9-150526

Baidu Antivirus
Adware.Win32.ELEX
4.0.3.15526

Bitdefender
Gen:Variant.Adware.Graftor.187118
1.0.20.730

Dr.Web
Adware.Mutabaha.295
9.0.1.0146

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.187118
8.15.05.26.04

ESET NOD32
Win32/ELEX.BF potentially unwanted (variant)
9.11617

Fortinet FortiGate
Riskware/Elex
5/26/2015

F-Secure
Gen:Variant.Adware.Graftor
11.2015-26-05_3

G Data
Gen:Variant.Adware.Graftor.187118
15.5.25

K7 AntiVirus
Adware
13.203.15889

McAfee
Artemis!9C365971F365
5600.6753

MicroWorld eScan
Gen:Variant.Adware.Graftor.187118
16.0.0.438

NANO AntiVirus
Riskware.Win32.Mutabaha.dqnafz
0.30.24.1357

Trend Micro House Call
TROJ_GEN.R02SC0ODD15
7.2.146

Trend Micro
TROJ_GEN.R02SC0ODD15
10.465.26

VIPRE Antivirus
Trojan.Win32.Generic
40188

File size:
4.9 MB (5,163,008 bytes)

Product version:
6.0.8.2

Copyright:
Copyright (C) 1998

Original file name:
CltMng.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\ProgramData\application data\windowsmangerprotect\update\update.exe

File PE Metadata
Compilation timestamp:
4/7/2015 11:52:04 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
98304:wD9EL1Nx/6799k3AXKgX4mBQBNiEhh8X65/wPU7zwre51ZI:wB+X/67t6mBKDh8Kmwse51ZI

Entry address:
0xC8A2

Entry point:
E8, C0, 75, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 5C, 66, 44, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 70, 3F, 44, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 5C, 66, 44, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6...
 
[+]

Entropy:
7.7977  (probably packed)

Code size:
205.5 KB (210,432 bytes)

The file update.exe has been seen being distributed by the following URL.

http://www.downrump.com/Public/softs/zip/20150407/.../zipaa.exe

Remove update.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.