Update.EXE

IncUpdate

LionSea Software co., ltd

The application Update.EXE by LionSea Software co., ltd has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Sunisoft  (signed by LionSea Software co., ltd)

Product:
IncUpdate

Description:
Online Updater

Version:
2010.8.16.280

MD5:
35ab8469911c965dd25da1de90404126

SHA-1:
f17fc12e793b1012e047399d1dc2c2b9ab06900b

SHA-256:
60556b2e4ad1dc9228791a40732ee5e21f03c8f3605dbbf94b6f01ed8e844c9c

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/24/2024 11:59:39 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.LionSea (M)

Engine version:
16.8.6.13

File size:
849.3 KB (869,671 bytes)

Product version:
3

Copyright:
Copyright(c) 2003-2010, Sunisoft

Original file name:
Update.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\drivertuner\update\update.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
5/18/2016 12:00:00 AM

Valid to:
7/17/2019 11:59:59 PM

Subject:
CN="LionSea Software co., ltd", O="LionSea Software co., ltd", L=beijing, S=beijing, C=CN

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
59ACFBA6E3C65985E3C197DEF1765A78

File PE Metadata
Compilation timestamp:
6/19/1992 10:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:S4+LQMciyYSZ2TJGZw8+oixM/O+7MVG3tl:iUXiBhJGd+oia/OUFr

Entry address:
0x1EB001

Entry point:
BB, 9B, 4A, 1F, 34, 93, E9, 20, 01, 00, 00, B8, 5E, C1, BD, 69, ED, C1, BD, F9, 22, 4B, 41, 41, C1, 41, 41, A5, 41, 41, 41, A0, 72, 77, 72, 71, 72, 7A, 78, 77, 41, 41, 41, B5, A2, BB, A6, A3, A2, AE, A2, 6F, A5, AD, AD, 41, 41, 41, 41, 9D, 41, 41, 41, 87, B3, A6, A6, 8D, AA, A3, B3, A2, B3, BA, 41, 84, B3, A6, A2, B5, A6, 85, AA, B3, A6, A4, B5, B0, B3, BA, 82, 41, 41, 41, 41, 88, A6, B5, 98, AA, AF, A5, B0, B8, B4, 85, AA, B3, A6, A4, B5, B0, B3, BA, 82, 41, 41, 41, 41, 88, A6, B5, 8E, B0, A5, B6, AD, A6...
 

Code size:
1.4 MB (1,472,512 bytes)
