upgrade.exe

VIPRE Upgrade Agent

Threattrack Security, Inc.

The executable upgrade.exe, “VIPRE Windows 10 Upgrade Utility”, has been detected as malware by 4 anti-virus scanners.
Publisher:
ThreatTrack Security Inc.  (signed by Threattrack Security, Inc.)

Product:
VIPRE Upgrade Agent

Description:
VIPRE Windows 10 Upgrade Utility

Version:
1.0.0.52

MD5:
57d7a08fdb4dfbd9cd5b82a92ef97744

SHA-1:
1fb0347c547de32133c7c51139ec1a1cfa3f6569

SHA-256:
b4713757e84167521e162eec49b288d32354b140e84a8b80841106a228e8562d

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
11/24/2024 3:27:27 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:Neshta | 160518-2
F-Prot | W32/Neshta.A!Generic | 4.6.5.141
Microsoft Security Essentials | Threat.Undefined | 1.223.1671.0
VIPRE Antivirus | Threat.4297522 | 49720

File size:
671.1 KB (687,232 bytes)

Product version:
1.0.0.52

Copyright:
Copyright © 2015 ThreatTrack Security, Inc.

Original file name:
VIPRE.Upgrade.Agent

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\upgrade.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
7/7/2015 12:00:00 AM

Valid to:
8/24/2017 12:00:00 PM

Subject:
CN="Threattrack Security, Inc.", O="Threattrack Security, Inc.", L=CLEARWATER, S=FL, C=US

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
083B5283A9B6FE6464743383083AB153

File PE Metadata
Compilation timestamp:
8/14/2015 1:42:08 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:VIggyEWy5snyyeZc0eQGSUw5HQJVobOrOIH7rxaQ:cBeyqYHQJV7O29aQ

Entry address:
0x3578E

Entry point:
E8, 64, 2F, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 83, EC, 10, FF, 75, 0C, 8D, 4D, F0, E8, 9E, D3, FF, FF, 8B, 45, 08, 0F, B6, C8, 8B, 45, F0, 8B, 80, 90, 00, 00, 00, 0F, B7, 04, 48, 25, 00, 80, 00, 00, 80, 7D, FC, 00, 74, 07, 8B, 4D, F8, 83, 61, 70, FD, 8B, E5, 5D, C3, 55, 8B, EC, 6A, 00, FF, 75, 08, E8, B9, FF, FF, FF, 59, 59, 5D, C3, 55, 8B, EC, 6A, 08, FF, 75, 08, E8, 8D, 30, 01, 00, 59, 59, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 0C, 57, 85, C9, 0F, 84, 92, 00, 00, 00, 56...
 

Code size:
351 KB (359,424 bytes)
