update.exe

Fu Yu

The application update.exe by Fu Yu has been detected as adware by 4 anti-malware scanners. This file is typically installed with the program WindowsProtectManger20.0.0.339 by Fuyu LIMITED which is a potentially unwanted software program.
Publisher:
Fu Yu  (signed and verified)

MD5:
b95551c8e5a4637eda14953503773552

SHA-1:
a16e3b765d9d57925a5a394e13060b949bf3b56f

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
11/27/2024 12:26:36 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/Adware.Gen2
7.11.154.162

avast!
Win32:Dropper-NYA [Drp]
2014.9-140616

Reason Heuristics
PUP.Optional.FuYu.G
14.8.19.19

Trend Micro House Call
Suspicious_GEN.F47V0612
7.2.167

File size:
5.2 MB (5,400,656 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Application data\windowsprotectmanger\update\update.exe

Digital Signature
Signed by:

Authority:
WoSign CA Limited

Valid from:
3/12/2014 5:09:17 PM

Valid to:
3/12/2015 5:09:17 PM

Subject:
CN=Fu Yu, E=andreafuyu@gmail.com, L=丽水市, S=浙江省, C=CN

Issuer:
CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
1DDE9DD81089F1E49F8985695790CC53

File PE Metadata
Compilation timestamp:
5/20/2014 3:58:00 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
98304:arPQrhkvUMcbfEvSe2tyRiw69EwDNYOlUj7X842JqMQaARACyr7f3:adUsGtJw1kNY5jghA+AKBr7v

Entry address:
0x13E8C

Entry point:
E8, B7, 97, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 14, 56, 85, C0, 74, 3C, 83, 7D, 08, 00, 75, 13, E8, FF, 0C, 00, 00, 6A, 16, 5E, 89, 30, E8, BB, 73, 00, 00, 8B, C6, EB, 25, 83, 7D, 10, 00, 74, E7, 39, 45, 0C, 73, 09, E8, E1, 0C, 00, 00, 6A, 22, EB, E0, 50, FF, 75, 10, FF, 75, 08, E8, 96, EB, FF, FF, 83, C4, 0C, 33, C0, 5E, 5D, C3, 55, 8B, EC, 56, 8B, F1, 8B, 4D, 08, C6, 46, 0C, 00, 85, C9, 75, 66, E8, 6D, 8F, 00, 00, 8B, D0, 89, 56, 08, 8B, 4A, 6C, 89, 0E, 8B, 4A, 68, 89, 4E, 04, 8B, 0E, 3B, 0D...
 
[+]

Entropy:
7.9788  (probably packed)

Code size:
251.5 KB (257,536 bytes)

The file update.exe has been discovered within the following program.

Developed by Ma Lin this is a potentially unwanted software program that is typically installed without the user's consent and is billed as a security product but instead bundles additional unwanted software.
84% remove it
 
Powered by Should I Remove It?

Remove update.exe - Powered by Reason Core Security