updater.exe

gt_updat 应用程序

Beijing Perfect World Network Technology Co.,Ltd.

This is a setup program which is used to install the application. The file has been seen being downloaded from download.gt.17y.com.
Publisher:

Product:
gt_updat 应用程序

Version:
2, 0, 0, 1

MD5:
8e7a6f9961665a85e623e8ea8d2117bb

SHA-1:
5b5d798a44c8f663ebabd1b9dc2b501480a56f46

SHA-256:
476297d059521a46ecf4ebd96cc6d6a173b5ab42b31be17504801be1d890cdd5

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
3/11/2025 6:45:51 PM UTC

Scan engine:
Vba32 AntiVirus

Detection:
suspected of Trojan.Downloader.gen.h

Engine version:
3.12.26.3

File size:
360.8 KB (369,496 bytes)

Product version:
2, 0, 0, 1

Copyright:
Copyright (C) 2014

Original file name:
gt_updat.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese

Common path:
C:\users\{user}\appdata\roaming\gt\1.25.7.3840\bin\updater.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/6/2012 1:00:00 AM

Valid to:
5/6/2015 1:59:59 AM

Subject:
CN="Beijing Perfect World Network Technology Co.,Ltd.", OU=System Center, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Beijing Perfect World Network Technology Co.,Ltd.", L=Binjing, S=Binjing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
201A0B1D4F32E7AD172D9D9181FAAD6A

File PE Metadata
Compilation timestamp:
6/17/2014 5:19:31 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:XlxJhWz23NTiZ5McxHSJ6K8tA5EbEB9Vxk/eAhP7t6OxKOOLgLik:XlxG2ZiUI6T8i2EBbxk/ZP7sOxvODk

Entry address:
0x29295

Entry point:
E8, 3E, 0B, 01, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, B8, F0, 7F, 00, 00, 8B, C8, 66, 23, 4D, 0E, 33, D2, 66, 3B, C8, 0F, 95, C2, 8B, C2, 5D, C3, 8B, FF, 55, 8B, EC, 8B, 45, 0E, B9, F0, 7F, 00, 00, 8B, D0, 23, D1, 66, 3B, D1, 75, 2D, DD, 45, 08, 51, 51, DD, 1C, 24, E8, BC, 0B, 01, 00, 48, 59, 59, 74, 14, 48, 74, 0C, 48, 74, 05, 33, C0, 40, 5D, C3, 6A, 02, EB, 02, 6A, 04, 58, 5D, C3, B8, 00, 02, 00, 00, 5D, C3, 25, 00, 80, 00, 00, 8B, C8, 66, 85, D2, 75, 1B, F7, 45, 0C, FF, FF, 0F, 00, 75, 06, 83, 7D...
 

Code size:
272.5 KB (279,040 bytes)

The file updater.exe has been seen being distributed by the following URL.
