update.exe

Cherished Technology Limited

The application update.exe by Cherished Technology Limited has been detected as adware by 13 anti-malware scanners. Additionally, the file is typically installed by a number of programs including eSafe Security Control 1.0.0.2359 by eSafe Security Co., Ltd. and WPM17.8.0.3442 by Cherished Technololgy LIMITED.
Publisher:
Cherished Technology Limited  (signed and verified)

MD5:
6a7650629d7e885c158ff3308ce1d2bc

SHA-1:
f215e4462f6aafc04003d90fbfc332dbed50bf70

SHA-256:
f7b68bdbe8bf40221c92031fa3265bcedd77ac0f80f68417ea2111cfd1ac1c18

Scanner detections:
13 / 68

Status:
Adware

Analysis date:
11/23/2024 11:40:18 AM UTC

Scan engine             Detection                               Engine version
Agnitum Outpost         PUA.WProtManager                        7.1.1
Avira AntiVirus         ADWARE/Adware.Gen2                      7.11.136.138
avast!                  Win32:Dropper-NYA [Drp]                 2014.9-140911
AVG                     Cherished                               2015.0.3354
Baidu Antivirus         Trojan.Win32.WPM                        4.0.3.14911
Dr.Web                  Trojan.StartPage.63930                  9.0.1.0254
Fortinet FortiGate      Adware/WProtManager                     4/12/2014
IKARUS anti.virus       not-a-virus:AdWare.Win32.WProtManager   t3scan.2.2.29
Kaspersky               not-a-virus:AdWare.Win32.WProtManager   14.0.0.4026
McAfee                  Artemis!4076068E1653                    5600.7010
Reason Heuristics       PUP.CherishedTechnologyLimited.G        14.2.26.5
Trend Micro House Call  TROJ_GEN.F47V0227                       7.2.102
Vba32 AntiVirus         AdWare.WProtManager.b                   3.12.24.3

File size:
6 MB (6,272,624 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\wpm\update\update.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
10/30/2013 4:56:37 PM

Valid to:
10/31/2014 4:56:37 PM

Subject:
CN=Cherished Technology Limited, O=Cherished Technology Limited, L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11210CA3D3C040F38E7317C765ABB45E0BCB

File PE Metadata
Compilation timestamp:
2/24/2014 3:55:49 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
98304:t8Fl5MRYhIT5Cc3XpREXtwgZm3rxwP2n6mcwyMndplCUbMlq8+O/5bZJgJoHExZj:tlRg45NnUXtw9xwe6TUplUVZbZCJPZj

Entry address:
0x154EC

Entry point:
E8, C7, 97, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 14, 56, 85, C0, 74, 3C, 83, 7D, 08, 00, 75, 13, E8, FF, 0C, 00, 00, 6A, 16, 5E, 89, 30, E8, CB, 73, 00, 00, 8B, C6, EB, 25, 83, 7D, 10, 00, 74, E7, 39, 45, 0C, 73, 09, E8, E1, 0C, 00, 00, 6A, 22, EB, E0, 50, FF, 75, 10, FF, 75, 08, E8, 96, EB, FF, FF, 83, C4, 0C, 33, C0, 5E, 5D, C3, 55, 8B, EC, 56, 8B, F1, 8B, 4D, 08, C6, 46, 0C, 00, 85, C9, 75, 66, E8, 7D, 8F, 00, 00, 8B, D0, 89, 56, 08, 8B, 4A, 6C, 89, 0E, 8B, 4A, 68, 89, 4E, 04, 8B, 0E, 3B, 0D...
 

Entropy:
7.9838  (probably packed)

Code size:
257 KB (263,168 bytes)

The file update.exe has been discovered within the following programs.

eSafe Security Control 1.0.0.2359  by eSafe Security Co., Ltd.
Publisher's description - “eSafe provides content security, data control, and data leak prevention (DLP) solutions for incoming and outgoing Internet traffic through the edge of the network, including web surfing (web security gateway) and messaging (mail security gateway).”
www.safenet-inc.com/data-protection/content-security-esafe
About 9% of users remove it

WPM17.8.0.3442  by Cherished Technololgy LIMITED
WPM is a web browser advertisement extension that delivers ads to the user's web browser. Ads are in the form of traditional banners as well as contextual hyperlinks.
80% remove it
 