upg.exe

MFCXY Inc

This is a setup program used to install the application. The file has been seen being downloaded from dl-mail.ymail.com.

Publisher:
MFCXY Inc  (signed and verified)

MD5:
2c3f5a517f63ad5dc95a174f5ac9e39e

SHA-1:
e94426af7cd50c9906d60d0308fa77fc219ad728

SHA-256:
4c9e9a7655e46189b434a538a972afda53171ea561f3a88a6a1b4a9af46d60c0

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 10:04:37 AM UTC

File size:
2.3 MB (2,452,552 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\myfreecams\upg.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/9/2014 3:00:00 AM

Valid to:
5/9/2017 2:59:59 AM

Subject:
CN=MFCXY Inc, O=MFCXY Inc, STREET=2123 Warwick Lane, L=Glenview, S=IL, PostalCode=60026, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
21872C63EC488AC8234A27DDD7AE75

File PE Metadata
Compilation timestamp:
3/8/2016 9:18:49 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:7bMrSJ2K8oGDnMEmjjY+qqZqP8EBGDuUV4YOgd2fsrf+w:UrSJ2FMEmjj4BGDuUHfr

Entry address:
0xA0CA2

Entry point:
E8, D8, 1E, 01, 00, E9, 89, FE, FF, FF, E8, FC, 70, 00, 00, 8B, 48, 6C, 3B, 0D, 50, D9, 4E, 00, 74, 10, 8B, 0D, 08, D7, 4E, 00, 85, 48, 70, 75, 05, E8, 52, 8A, 00, 00, A1, 60, D1, 4E, 00, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 56, 33, C0, 50, 50, 50, 50, 50, 50, 50, 50, 8B, 55, 0C, 8D, 49, 00, 8A, 02, 0A, C0, 74, 09, 83, C2, 01, 0F, AB, 04, 24, EB, F1, 8B, 75, 08, 83, C9, FF, 8D, 49, 00, 83, C1, 01, 8A, 06, 0A, C0, 74, 09, 83, C6, 01, 0F, A3, 04, 24, 73, EE, 8B, C1, 83, C4...
 

Code size:
782 KB (800,768 bytes)

The file upg.exe has been seen distributed from the following URL.

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-03owna3vwyAq-_z_1K48ZgUsu7nK8XQ7eG4qv0VjQDCjA-PoLniCAhmaUeWXm4vh/messages/@.id==AOfkimIAACdyVz6D6wr4mAKU6jo/content/parts/@.id==2/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBZy0J0kc5TQKU-pQcsBzXN-hhV_mnz5UA9Fc6pBF2lehHxfeQU2yNBTpTOLrpInB3saXYsR4RvwvgV3QYEmzl84&error=https://mg.mail.yahoo.com/.../iframemsg?id=73395ee5-ecd7-d0f3-3cf8-0a620a72726a&ymreqid=13ca6b91-b92c-f053-0170-e9000c010000
