» WindowsActivationUpdate.exe
Overview
Analysis
File Details
Programs (1)
Downloads (68)

WindowsActivationUpdate.exe

Windows Activation Technologies Update Web Installer

Microsoft Corporation

File name:

Publisher:

Microsoft Corporation (signed and verified)

Product:

Microsoft® Windows® Operating System

Description:

Windows Activation Technologies Update Web Installer

Version:

7.1.7600.16395 (win7_gdr_oob_gaoob(wmbla).100127-1757)

MD5:

6868295ca1a0950b9d6b8531738d23ee

SHA-1:

8855ce38d698cb068421bd5d39380c7315ec5899

SHA-256:

7be53af818245b1a52fccf72557a6fcdad35a36adcf33f8920bd516cd932e92d

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

11/16/2024 10:25:06 PM UTC (today)

File size:

155.4 KB (159,144 bytes)

Product version:

7.1.7600.16395

Original file name:

WindowsActivationUpdate.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\windowsactivationupdate.exe

Digital Signature

Signed by:

Microsoft Corporation

Authority:

Microsoft Corporation

Valid from:

7/13/2009 7:00:18 PM

Valid to:

10/13/2010 7:10:18 PM

Subject:

CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:

CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:

6105F71E000000000032

File PE Metadata

Compilation timestamp:

1/27/2010 9:04:55 PM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

1536:sLjywQDt33JWk66ZYhkgC4Yc4Ex0C9mioS4xtBr+RN/hnMCfR/itAUmCK:sKwWHJWk6OzRPsorvBMZR/MAUmCK

Entry address:

0x7DB7

Entry point:

E8, 15, 03, 00, 00, E9, 4D, FD, FF, FF, CC, CC, CC, CC, CC, 3B, 0D, 00, A0, 00, 01, 75, 03, C2, 00, 00, E9, 91, 03, 00, 00, CC, CC, CC, CC, CC, CC, FF, 25, 44, 12, 00, 01, CC, CC, CC, CC, CC, CC, FF, 25, 70, 12, 00, 01, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 68, 12, 00, 01, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 8B, 45, 08, 8B, 00, 81, 38, 63, 73, 6D, E0, 75, 2B, 83, 78, 10, 03, 75, 25, 8B, 40, 14, 3D, 20, 05, 93, 19, 74, 15, 3D, 21, 05, 93, 19, 74, 0E, 3D, 22, 05, 93, 19, 74, 07, 3D, 00, 40, 99, 01, 75... 
[+]

Entropy:

5.4425

Code size:

33 KB (33,792 bytes)

The file WindowsActivationUpdate.exe has been discovered within the following program.

360Amigo System Speedup Free by 360Amigo

360Amigo is registry optimizer. 360Amigo System Speedup bundles a branded version of the Conduit Toolbar, designed to deliver search based advertising and results. During installation the user is presented in some cases with the option to install the toolbar (on by default).

www.360amigo.com

53% remove it

The file WindowsActivationUpdate.exe has been seen being distributed by the following 50 URLs.

http://182.190.4.107/data/0476f02736624806/download.microsoft.com/download/E/5/6/.../WindowsActivationUpdate.exe

http://softcache.connect.net.pk:443/download/E/5/6/.../WindowsActivationUpdate.exe

http://78.159.163.23:9203/E1C74DD49F3F7D0F8579966C87D1BA796834E8149C651E4641A5FD08D9A883F01CA3C5308E2E553EEEFD8C090/download.microsoft.com/download/E/5/6/.../WindowsActivationUpdate.exe

https://onedrive.live.com/download.aspx?cid=F81E53AAE684C584&authKey=!AFy_uXIbQRjn4LM&resid=F81E53AAE684C584!628&canary=Qghl7KqStV LoZa1dO4y wpNmB 14nf eVqqwnWmS s=1&ithint=.exe

http://177.205.9.165/data/f885406006a69a33/download.microsoft.com/download/E/5/6/.../WindowsActivationUpdate.exe

http://177.205.9.193/data/866cc070073c2eed/download.microsoft.com/download/E/5/6/.../WindowsActivationUpdate.exe

http://rarlab.com/.../wrar531pl.exe

http://43.255.113.227/download.microsoft.com/download/E/5/6/.../WindowsActivationUpdate.exe

http://211.76.113.82/data/af7e60f07f590797/download.microsoft.com/download/E/5/6/.../WindowsActivationUpdate.exe

https://doc-08-10-docs.googleusercontent.com/docs/securesc/ot06op2acmuj2s61b67t7hi6nnmd4jfj/g5ia2406rnfi0j7nv1fscooho54bq02f/1464112800000/.../00058073127600108751/0BwhIyGDnPFcWWGZHdjU3VFVOS00?e=download

http://182.190.3.130/data/0007439623ea4a7a/download.microsoft.com/download/E/5/6/.../WindowsActivationUpdate.exe

https://mega.nz/persistent/.../9QJlgKYT

http://212.131.108.154/data/000e433447ce55b8/download.microsoft.com/download/E/5/6/.../WindowsActivationUpdate.exe

http://212.131.57.190/data/6c07302066271ad2/download.microsoft.com/download/E/5/6/.../WindowsActivationUpdate.exe

http://177.205.9.209/data/913e60f054e01c05/download.microsoft.com/download/E/5/6/.../WindowsActivationUpdate.exe

http://49.158.221.250/data/02d432795a18e6d6/download.microsoft.com/download/E/5/6/.../WindowsActivationUpdate.exe

http://www.rarlab.com/.../wrar54br.exe

http://41.206.65.49/msupdate/E/5/6/.../WindowsActivationUpdate.exe

http://222.165.175.166/data/8724709050445db8/download.microsoft.com/download/E/5/6/.../WindowsActivationUpdate.exe

http://182.190.4.114/data/019e031d7951cb76/download.microsoft.com/download/E/5/6/.../WindowsActivationUpdate.exe

http://182.176.139.125/data/017a92104346ec5c/download.microsoft.com/download/E/5/6/.../WindowsActivationUpdate.exe

http://62.8.79.10/data/00c3d2f8461b4c52/download.microsoft.com/download/E/5/6/.../WindowsActivationUpdate.exe

http://187.72.248.53/data/fa25e0a04b203f9d/download.microsoft.com/download/E/5/6/.../WindowsActivationUpdate.exe

http://ultradownloads.com.br/.../2,938137.html

http://dc341.4shared.com/download/.../WindowsActivationUpdate.exe

http://182.190.3.130/data/56c7b04035a0bcb5/download.microsoft.com/download/E/5/6/.../WindowsActivationUpdate.exe

http://177.205.9.217/data/123af0901209f0e5/download.microsoft.com/download/E/5/6/.../WindowsActivationUpdate.exe

http://223.196.82.200/msupdate-hijack/id/E/5/6/.../WindowsActivationUpdate.exe/original/download.microsoft.com/download/E/5/6/.../WindowsActivationUpdate.exe

http://177.205.9.217/data/a4da60a05f945ca1/download.microsoft.com/download/E/5/6/.../WindowsActivationUpdate.exe

http://187.72.248.53/data/bbbb70506d790aa1/download.microsoft.com/download/E/5/6/.../WindowsActivationUpdate.exe

Latest 30 of 68 download URLs

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.