updates.exe

The executable updates.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Updates’.
MD5:
09a263bb41fe10a28cfe7ea111eed97f

SHA-1:
6fd6634d2465791d9e480626ac914557890af8f9

SHA-256:
3f0a6bf69f5ec6c80341bd1ee10d359fe7043b5df2fe2e2ace31e7efac35ec2b

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/14/2024 5:36:22 AM UTC

Scan engine:
Reason Heuristics

Detection:
Trojan.Downloader.UP (M)

Engine version:
17.3.7.20

File size:
160 KB (163,840 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
9/17/2074 1:55:54 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x17EC

Entry point:
23, D5, 8B, DD, 89, C2, F6, C7, 4E, 2B, C2, 4F, 85, D6, C6, C0, CA, 86, CB, 0F, B6, F2, B0, FD, 8B, C8, 86, C2, 4D, 89, CF, E8, 22, 00, 00, 00, 85, D1, 76, 02, B6, 2E, 85, C3, 8B, C8, 8B, CE, BD, CA, E8, 17, 72, 0F, AF, CF, 8D, 11, 4E, 2A, C9, 0F, BF, DD, 4B, 2B, C2, 74, 01, F2, 87, DF, FF, C1, C6, C3, 76, 0F, B6, EE, 8B, C2, 85, ED, 8D, 35, FA, 75, 92, 12, BD, 67, A7, 00, 00, 8D, 1D, 6D, 9B, 1D, EA, 81, F5, 60, 2D, 00, 00, 84, DC, 34, 7F, 29, D7, 81, F5, 1F, 0F, 00, 00, 80, E5, C4, 0F, C1, EA, 05, D3, 21...

Entropy:
6.1325

Code size:
36 KB (36,864 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Updates

Command:
C:\updates.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to srv2.ampyazilim.com.tr  (37.230.104.89:80)

TCP (HTTP):
Connects to 93-89-226-17.fbs.com.tr  (93.89.226.17:80)

TCP (HTTP):
Connects to CHHOSTW03.net4.com  (118.67.248.123:80)

TCP (HTTP):
