update64bits.exe

Microsoft© Windows© Operating System

The executable update64bits.exe, “Windows Defender User Interface”, has been detected as malware by 28 anti-virus scanners.
Product:
Microsoft© Windows© Operating System

Description:
Windows Defender User Interface

Version:
6.1.7600.16385 (win7_rtm.090713-1255)

MD5:
e5ba237c2f5d15470f8b8b77cb57da27

SHA-1:
a3491f3e5ec49775817c79986b007824898fed81

SHA-256:
d08d62e481923d28f128c869229b0d51df85d56e256e2cbae6cddb675857f80d

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
4/1/2025 8:35:05 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Zusy.224091 | -40 |
| AegisLab AV Signature | Troj.W32.Gen.lZj2 | 2.1.4+ |
| Avira AntiVirus | TR/Dropper.Gen | 8.3.3.4 |
| Arcabit | Trojan.Zusy.D36B5B | 1.0.0.795 |
| avast! | Win32:Malware-gen | 2014.9-170315 |
| AVG | Generic38 | 2018.0.2438 |
| Baidu Antivirus | Win32.Trojan.WisdomEyes.16070401.9500 | 4.0.3.17315 |
| Bitdefender | Gen:Variant.Zusy.224091 | 1.0.20.370 |
| Dr.Web | Trojan.KillProc.51615 | 9.0.1.074 |
| Emsisoft Anti-Malware | Gen:Variant.Zusy.224091 | 8.17.03.15.08 |
| ESET NOD32 | MSIL/TrojanDropper.Agent.CXN (variant) | 11.15038 |
| Fortinet FortiGate | MSIL/Agent.CXN!tr | 3/15/2017 |
| F-Secure | Gen:Variant.Zusy.224091 | 11.2017-15-03_4 |
| G Data | Gen:Variant.Zusy.224091 | 17.3.25 |
| IKARUS anti.virus | Trojan-Dropper.MSIL.Agent | 0.2.1.2 |
| K7 AntiVirus | Riskware | 13.10.3.22616 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.-1314 |
| McAfee | RDN/Generic Dropper | 5600.6094 |
| Microsoft Security Essentials | Backdoor:MSIL/Bladabindi | 1.1.13504.0 |
| MicroWorld eScan | Gen:Variant.Zusy.224091 | 18.0.0.222 |
| NANO AntiVirus | Trojan.Win32.Agent.embkxt | 1.0.70.15657 |
| Panda Antivirus | Trj/CI.A | 17.03.15.08 |
| Quick Heal | Backdoor.Xtreme | 3.17.14.00 |
| Sophos | Mal/MSIL-PQ | 4.98 |
| Trend Micro House Call | TROJ_GEN.R047C0RC217 | 7.2.74 |
| Trend Micro | TROJ_GEN.R047C0RC217 | 10.465.15 |
| VIPRE Antivirus | Trojan.Win32.Generic | 56434 |
| ViRobot | Trojan.Win32.Z.Zusy.196615.B[h] | 2014.3.20.0 |

File size:
192 KB (196,615 bytes)

Product version:
6.1.7600.16385

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
MSASCUI.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\microsoft\windows\start menu\programs\startup\update64bits.exe

File PE Metadata
Compilation timestamp:
2/21/2017 9:53:37 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

Entry address:
0x28D4E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
155.5 KB (159,232 bytes)

User Start Menu Item
Name:
Update64Bits.exe

