UpdatePlatform.exe

Update Platform Application

Beijing Zhihuimen Techology co,.Ltd

The application UpdatePlatform.exe by Beijing Zhihuimen Techology co,.Ltd has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is the uninstaller utility registered in the Windows Control Panel for the program Tools Update Platform by Beijing Zhihuimen Techology co,.Ltd. This file is typically installed with the program Tools Update Platform by Beijing Zhihuimen Techology co,.Ltd.
Publisher:
Beijing Zhihuimen Techology co,.Ltd  (signed and verified)

Product:
Update Platform Application

Version:
5.0.0.57

MD5:
16d030926bd033ffa65786b2654f506f

SHA-1:
56982869b79435db710cf6f29539a97d54a90251

SHA-256:
96545840293894b6aa46cfcab6e5a80d35cbfe87a0f0858f617e65137291c079

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 3:02:36 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Toptools (M)

Engine version:
16.8.19.12

File size:
578.7 KB (592,632 bytes)

Product version:
5.0.0.57

Copyright:
Copyright (C) 2015

Original file name:
UpdatePlatform.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\toolsupdateplatform\updateplatform.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/20/2015 2:00:00 AM

Valid to:
3/20/2016 1:59:59 AM

Subject:
CN="Beijing Zhihuimen Techology co,.Ltd", OU=Dev, O="Beijing Zhihuimen Techology co,.Ltd", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3CD09515CC4DCE7B71D57D559E0AF51C

File PE Metadata
Compilation timestamp:
9/18/2015 12:13:32 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:UcI+8/DFKHzqdeGme34Xl9aqaj+qYyFxtfrgoQND7ppCKOuQs6yXnlSCRAkluZ5Y:TmDFKHzqdZmeK9axSoQND7IuQs3XlSCD

Entry address:
0x5581A

Entropy:
6.5000

Code size:
462 KB (473,088 bytes)

Program Uninstaller
Program name:
Tools Update Platform

Display publisher:
Beijing Zhihuimen Techology co,.Ltd

Display version:
5.0.0.57

Uninstall string:
C:\Program Files (x86)\ToolsUpdatePlatform\UpdatePlatform.exe Uninstall Force


The file UpdatePlatform.exe has been discovered within the following programs.

Tools Update Platform  by Beijing Zhihuimen Techology co,.Ltd
About 6% of users remove it
 

The executing file has been seen to make the following network communications in live environments.
