SHA256: ca24a8f7c04fe15a758f3360c8e5619205c53807bfc65f82c028cdf808bf2189
File name: UpdateTask.exe
Detection ratio: 41 / 67
Analysis date: 2018-11-07 22:46:14 UTC
Antivirus | Result | Update
AegisLab | Trojan.Win32.Wabot.lh0Z | 20181107
AhnLab-V3 | PUP/Win32.Downloader.C258365 | 20181107
Arcabit | Adware.A | 20181107
Avast | Win32:Adware-DMG [Adw] | 20181107
AVG | Win32:Adware-DMG [Adw] | 20181107
Avira (no cloud) | ADWARE/DealPly.Gen | 20181107
CAT-QuickHeal | Pua.Dealply.27204 | 20181105
ClamAV | Win.Adware.Dealply-222 | 20181107
CrowdStrike Falcon (ML) | malicious_confidence_90% (D) | 20181022
Cylance | Unsafe | 20181107
Cyren | W32/Bundler.E.gen!Eldorado | 20181107
DrWeb | Adware.Downware.17507 | 20181107
Endgame | malicious (high confidence) | 20180730
ESET-NOD32 | Win32/DownWare.E potentially unwanted | 20181107
F-Prot | W32/Bundler.E.gen!Eldorado | 20181107
Fortinet | W32/DownWare.E!tr | 20181107
GData | Win32.Application.InstallCore.IO | 20181107
Ikarus | PUA.DealPly.Updater | 20181107
Sophos ML | heuristic | 20180717
K7AntiVirus | Trojan ( 0048e86c1 ) | 20181107
K7GW | Trojan ( 0048e86c1 ) | 20181107
Kaspersky | not-a-virus:AdWare.Win32.DealPly.brj | 20181107
Kingsoft | Win32.Troj.Generic.a.(kcloud) | 20181107
Malwarebytes | PUP.Optional.DigitalSites | 20181107
MAX | malware (ai score=98) | 20181107
Microsoft | BrowserModifier:Win32/Prifou | 20181107
NANO-Antivirus | Trojan.Win32.Agent.cqljuz | 20181107
Panda | Generic Malware | 20181107
Rising | Trojan.Win32.Generic.1588375E (C64:YzY0Oi7syk3Minaw) | 20181107
SentinelOne (Static ML) | static engine - malicious | 20181011
Sophos AV | DealPly Updater (PUA) | 20181107
SUPERAntiSpyware | Adware.DealPly/Variant | 20181107
Symantec | PUA.Astromenda | 20181107
Tencent | Win32.Adware.Dealply.Ambz | 20181107
TrendMicro | ADW_DOWNWRE.GA | 20181107
TrendMicro-HouseCall | ADW_DOWNWRE.GA | 20181107
VBA32 | SScope.Trojan.Kriptik.8607 | 20181106
Webroot | W32.Adware.Gen | 20181107
Yandex | PUA.Downloader! | 20181107
Zillya | Downloader.Agent.Win32.194923 | 20181107
ZoneAlarm by Check Point | not-a-virus:AdWare.Win32.DealPly.brj | 20181107
Ad-Aware | (no detection) | 20181107
Alibaba | (no detection) | 20180921
ALYac | (no detection) | 20181107
Antiy-AVL | (no detection) | 20181107
Avast-Mobile | (no detection) | 20181107
Babable | (no detection) | 20180918
Baidu | (no detection) | 20181107
BitDefender | (no detection) | 20181107
Bkav | (no detection) | 20181107
CMC | (no detection) | 20181107
Cybereason | (no detection) | 20180225
eGambit | (no detection) | 20181107
Emsisoft | (no detection) | 20181107
F-Secure | (no detection) | 20181107
Jiangmin | (no detection) | 20181107
McAfee | (no detection) | 20181107
McAfee-GW-Edition | (no detection) | 20181107
eScan | (no detection) | 20181107
Palo Alto Networks (Known Signatures) | (no detection) | 20181107
Qihoo-360 | (no detection) | 20181107
Symantec Mobile Insight | (no detection) | 20181105
TACHYON | (no detection) | 20181107
TheHacker | (no detection) | 20181107
Trustlook | (no detection) | 20181107
VIPRE | (no detection) | 20181107
ViRobot | (no detection) | 20181107
Zoner | (no detection) | 20181107
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD BobSoft Mini Delphi -> BoB / BobSoft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0001346C
Number of sections 8
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExA
RegOpenKeyExW
RegDeleteKeyW
RegOpenKeyExA
RegQueryValueExW
GetLastError
GetStdHandle
EnterCriticalSection
GetModuleFileNameW
WaitForSingleObject
FreeLibrary
ExitProcess
GetModuleFileNameA
RtlUnwind
GetLocalTime
DeleteCriticalSection
GetStartupInfoA
GetWindowsDirectoryW
LocalAlloc
CreateThread
UnhandledExceptionFilter
MultiByteToWideChar
GetCommandLineA
GetSystemPowerStatus
RaiseException
WideCharToMultiByte
GetModuleHandleA
GetSystemDirectoryW
WriteFile
CloseHandle
GetComputerNameA
ExitThread
GetExitCodeProcess
LocalFree
TerminateProcess
ResumeThread
InitializeCriticalSection
VirtualFree
TlsGetValue
Sleep
SetFileAttributesW
TlsSetValue
GetCurrentThreadId
VirtualAlloc
LeaveCriticalSection
SysReAllocStringLen
SysFreeString
SysAllocStringLen
MessageBoxA
GetKeyboardType
CharNextA
OemToCharA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
Number of PE resources by type
RT_RCDATA 2
RT_ICON 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 1992:06:19 23:22:17+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 75264
LinkerVersion: 2.25
ImageFileCharacteristics: Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint: 0x1346c
InitializedDataSize: 17920
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0
File identification
MD5 ec63f649f7090f885ebd4770ffb92fcb
SHA1 2a19e8791533376d8f930704c7487b990be5b7cd
SHA256 ca24a8f7c04fe15a758f3360c8e5619205c53807bfc65f82c028cdf808bf2189
ssdeep 1536:siqjzsaAlMgB/79hsMvBdT2zedvKkr1oeGzkGs8k5myYGuBRFzY:azYlVphB5dT2aQkr1ldB5mBGuBRdY
authentihash 49ad2de87a289dbb6ba251c06de32737a5f142fa0c4477d72092b0649947c1a9
imphash 797b2bd2837072c8378aa9a18fed3b05
File size 92.0 KB ( 94208 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Borland Delphi 6 (93.1%)
Win32 Dynamic Link Library (generic) (2.3%)
Win32 Executable (generic) (1.5%)
Win16/32 Executable Delphi generic (0.7%)
OS/2 Executable (generic) (0.7%)
Tags bobsoft peexe
VirusTotal metadata
First submission 2013-04-22 01:04:24 UTC
Last submission 2018-07-31 13:43:55 UTC
File names UpdateTask.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.