updates.exe

The executable updates.exe has been detected as malware by 1 anti-virus scanner.
MD5:
7a00e996c75e050125db8914c28cb886

SHA-1:
7936db2443d88fb641f25b95af035eca8ddc9dda

SHA-256:
6804156a330912f6866f1cbd92e090794e9c59adf7964aedc1a9ede144876621

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/5/2024 2:41:02 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Trojan.Downloader.UP (M)
17.2.22.14

File size:
352 KB (360,448 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
1/24/2011 6:29:48 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x17EC

Entry point:
FE, C3, 56, 68, 95, CF, 63, 00, 70, 01, 4D, 8D, 2D, 48, 21, 1F, 8E, 04, B4, 69, EE, 97, EC, 74, 32, 88, FF, B9, 14, 52, F5, 8B, 89, FA, 0F, AF, FE, B7, BB, 88, D8, E8, 00, 00, 00, 00, 5E, 71, 08, 8A, CD, F6, C7, AC, 0F, AF, C9, 69, F8, C2, 50, C8, E3, 71, 03, 4B, 89, E9, 0F, AF, D9, FF, CB, 34, F8, 74, 02, 88, C3, 15, B3, 0A, E9, 1F, 2B, D2, 4B, BA, 97, D4, 01, 00, 0F, B6, C3, 81, C2, 52, 5C, 01, 00, F7, C2, E5, 92, 93, 4C, 2B, EA, 86, CC, C6, C3, F4, 86, EB, 81, C5, 44, 45, 02, 00, FF, C2, 51, 68, 0A, A4...
 
[+]

Entropy:
3.3270

Code size:
36 KB (36,864 bytes)

Windows Firewall Allowed Program
Name:
updates


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to ec2-52-0-227-11.compute-1.amazonaws.com  (52.0.227.11:443)

TCP (HTTP):
Connects to 147.62.236.23.bc.googleusercontent.com  (23.236.62.147:80)

TCP (HTTP):
Connects to ns8914.dotvndns.vn  (112.213.89.14:80)

Remove updates.exe - Powered by Reason Core Security