SHA256: ca24a8f7c04fe15a758f3360c8e5619205c53807bfc65f82c028cdf808bf2189
File name: UpdateTask.exe
Detection ratio: 44 / 64
Analysis date: 2017-08-17 06:17:18 UTC ( 4 months ago )
Antivirus Result Update
AegisLab Adware.W32.Dealply!c 20170817
AhnLab-V3 PUP/Win32.Downloader.C258365 20170817
Arcabit Adware.A 20170817
Avast Win32:PUP-gen [PUP] 20170817
AVG Win32:PUP-gen [PUP] 20170817
Avira (no cloud) ADWARE/DealPly.Gen 20170817
AVware Trojan.Win32.Generic!BT 20170817
CAT-QuickHeal Pua.Dealply.27204 20170816
ClamAV Win.Adware.Dealply-222 20170817
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20170817
Cyren W32/Bundler.E.gen!Eldorado 20170817
DrWeb Adware.Downware.17507 20170817
Endgame malicious (high confidence) 20170721
ESET-NOD32 Win32/DownWare.E potentially unwanted 20170817
F-Prot W32/Bundler.E.gen!Eldorado 20170817
F-Secure Application:W32/Prifou 20170817
Fortinet W32/DownWare.E!tr 20170817
GData Win32.Application.InstallCore.IO 20170817
Ikarus PUA.DealPly.Updater 20170816
Sophos ML heuristic 20170817
K7AntiVirus Trojan ( 0048e86c1 ) 20170817
K7GW Trojan ( 0048e86c1 ) 20170817
Kaspersky not-a-virus:AdWare.Win32.DealPly.brj 20170817
Kingsoft Win32.Troj.Generic.a.(kcloud) 20170817
Malwarebytes PUP.Optional.DigitalSites 20170817
Microsoft BrowserModifier:Win32/Prifou 20170817
NANO-Antivirus Trojan.Win32.Agent.cqljuz 20170817
Panda PUP/DealPlyToolbar 20170816
Rising Trojan.Generic (cloud:225MQloITJP) 20170817
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV DealPly Updater (PUA) 20170817
SUPERAntiSpyware Adware.DealPly/Variant 20170817
Symantec PUA.Astromenda 20170817
Tencent Win32.Adware.Dealply.Ambz 20170817
TrendMicro ADW_DOWNWRE.GA 20170817
TrendMicro-HouseCall ADW_DOWNWRE.GA 20170817
VBA32 SScope.Trojan.Kriptik.8607 20170816
VIPRE Trojan.Win32.Generic!BT 20170817
ViRobot Adware.Downware.94208 20170817
Webroot W32.Adware.Gen 20170817
Yandex PUA.Downloader! 20170815
Zillya Downloader.Agent.Win32.194923 20170816
ZoneAlarm by Check Point not-a-virus:AdWare.Win32.DealPly.brj 20170817
Antivirus (no detection) Update
Ad-Aware 20170817
Alibaba 20170817
ALYac 20170817
Antiy-AVL 20170817
Baidu 20170817
BitDefender 20170817
Bkav 20170816
CMC 20170817
Comodo 20170817
Emsisoft 20170817
Jiangmin 20170817
MAX 20170817
McAfee 20170817
McAfee-GW-Edition 20170817
eScan 20170817
nProtect 20170817
Palo Alto Networks (Known Signatures) 20170817
Qihoo-360 20170817
Symantec Mobile Insight 20170816
TheHacker 20170817
Trustlook 20170817
WhiteArmor 20170815
Zoner 20170816
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD BobSoft Mini Delphi -> BoB / BobSoft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17 (0x2A425E19; this is the fixed placeholder stamp written by Borland Delphi linkers, consistent with the Delphi packer/TrID results below, and not the real build time)
Entry Point 0x0001346C
Number of sections 8
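Because that fixed Delphi stamp is the usual reason a PE appears to be "compiled in 1992", a triage script should recognise it rather than treat the header value as a build date. The following Python is an added example and not part of the VirusTotal report: it reads the COFF TimeDateStamp from raw image bytes and flags the Delphi placeholder. The helper build_minimal_pe and the constant name DELPHI_PLACEHOLDER_STAMP are my own, and the header-only image the helper builds is constructed for the demonstration, not taken from this sample.

```python
import struct
from datetime import datetime, timezone

# Fixed TimeDateStamp emitted by Borland/Embarcadero Delphi linkers:
# 1992-06-19 22:22:17 UTC. Name is mine; the value is the well-known constant.
DELPHI_PLACEHOLDER_STAMP = 0x2A425E19


def pe_timestamp(data: bytes) -> int:
    """Return the COFF TimeDateStamp of a PE image given its raw bytes."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    # COFF file header follows the 4-byte signature:
    # Machine(2) NumberOfSections(2) TimeDateStamp(4) ...
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return stamp


def classify_timestamp(stamp: int) -> dict:
    """Render a TimeDateStamp as UTC and say whether it is the Delphi placeholder."""
    utc = datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    return {
        "stamp": stamp,
        "utc": utc,
        "delphi_placeholder": stamp == DELPHI_PLACEHOLDER_STAMP,
    }


def build_minimal_pe(stamp: int, machine: int = 0x14C, nsections: int = 8) -> bytes:
    """Constructed test image (hypothetical): DOS stub with e_lfanew, PE signature
    and a COFF header only. Enough for header parsing; it is not loadable."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", machine, nsections, stamp, 0, 0, 0, 0)
    return bytes(dos) + b"PE\0\0" + coff


if __name__ == "__main__":
    # Mirrors this report: i386, 8 sections, the Delphi placeholder stamp.
    image = build_minimal_pe(DELPHI_PLACEHOLDER_STAMP)
    print(classify_timestamp(pe_timestamp(image)))
```

To run it against a real file, pass open(path, "rb").read() to pe_timestamp; a placeholder hit means the stamp carries no build-date information, so fall back to the linker version, resource version info, or the Debug directory timestamp for dating.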
PE sections
PE imports (grouped by exporting DLL)
ADVAPI32.dll
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExA
RegOpenKeyExW
RegDeleteKeyW
RegOpenKeyExA
RegQueryValueExW
KERNEL32.dll
GetLastError
GetStdHandle
EnterCriticalSection
GetModuleFileNameW
WaitForSingleObject
FreeLibrary
ExitProcess
GetModuleFileNameA
RtlUnwind
GetLocalTime
DeleteCriticalSection
GetStartupInfoA
GetWindowsDirectoryW
LocalAlloc
CreateThread
UnhandledExceptionFilter
MultiByteToWideChar
GetCommandLineA
GetSystemPowerStatus
RaiseException
WideCharToMultiByte
GetModuleHandleA
GetSystemDirectoryW
WriteFile
CloseHandle
GetComputerNameA
ExitThread
GetExitCodeProcess
LocalFree
TerminateProcess
ResumeThread
InitializeCriticalSection
VirtualFree
TlsGetValue
Sleep
SetFileAttributesW
TlsSetValue
GetCurrentThreadId
VirtualAlloc
LeaveCriticalSection
OLEAUT32.dll
SysReAllocStringLen
SysFreeString
SysAllocStringLen
USER32.dll
MessageBoxA
GetKeyboardType
CharNextA
OemToCharA
VERSION.dll
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
Number of PE resources by type
RT_RCDATA 2
RT_ICON 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 3
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 75264
LinkerVersion 2.25
FileTypeExtension exe
InitializedDataSize 17920
SubsystemVersion 4.0
EntryPoint 0x1346c
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

Execution parents
Compressed bundles
File identification
MD5 ec63f649f7090f885ebd4770ffb92fcb
SHA1 2a19e8791533376d8f930704c7487b990be5b7cd
SHA256 ca24a8f7c04fe15a758f3360c8e5619205c53807bfc65f82c028cdf808bf2189
ssdeep 1536:siqjzsaAlMgB/79hsMvBdT2zedvKkr1oeGzkGs8k5myYGuBRFzY:azYlVphB5dT2aQkr1ldB5mBGuBRdY
authentihash 49ad2de87a289dbb6ba251c06de32737a5f142fa0c4477d72092b0649947c1a9
imphash 797b2bd2837072c8378aa9a18fed3b05
File size 92.0 KB ( 94208 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Borland Delphi 6 (93.8%)
Win32 Dynamic Link Library (generic) (2.3%)
Win32 Executable (generic) (1.6%)
Win16/32 Executable Delphi generic (0.7%)
Generic Win/DOS Executable (0.7%)
Tags bobsoft peexe
VirusTotal metadata
First submission 2013-04-22 01:04:24 UTC ( 4 years, 7 months ago )
Last submission 2017-08-17 06:17:18 UTC ( 4 months ago )
File names 2211313a-a5b0-305b-eb98-6d73b7db47c3_1d21d17b5c3a4b3
12daad1c-93e0-e3f6-7db2-bf1a17dbaadb_1d21d74d1bffa4b
eb83fe99-1771-f6b9-7a0d-4701271508a4_1d21f1ce1592d9f
efc043a1-764d-d215-906e-79d1c069d607_1d21fc3ee32c0d4
0a247650-0429-7efd-00b0-b0a13d66eb93_1d21aedfa1fbec4
05f49f8e-8fc4-7a41-bec7-9ee732fcfc27_1d21fc2672a573d
5273ceb1-8f02-aad9-677c-e65395453e2e_1d21d2b6381321d
87b2b57f-182a-5142-4b0a-61006ea0db96_1d21da7605b2a39
125e6db0-4895-b968-966e-9efaa9d02747_1d230faf1fa5bb1
6918b0bd-57d4-adc0-1578-d8029e9cd8c0_1d21ba8685919fe
bbff7238-365b-c62d-edf1-70fed2c1679d_1d21db02e487709
eadfa356-c7d1-dfca-a093-afd9ef519cc5_1d21c7bd59511e4
28be0656-c77e-45a1-43fa-8cc98fff2f8f_1d21b0172513634
832abc5c-f125-0074-dfb5-04ab0bc7ddc1_1d21d4ae6fbb85d
4be0f409-7c86-59d0-4d8a-1d07aa5461aa_1d21f1c855bdd75
66b84be0-cd7f-b33f-5144-74409136f7e8_1d21bd97bf0bd1a
45ab114c-74ca-fbf2-c0d8-181140bd0163_1d21fc4948777f0
20a2c00e-ae67-8fab-ab52-aef6f3ec8281_1d21f1d5242651d
UpdateTask.exe
77b243de-3c4f-5431-ac0a-61700183704a_1d21f6504c65ba2
07ca5f1d-f7f9-1831-80eb-9893bd39cd83_1d21fe328ef1d9b
60ebcdb3-5085-8f4d-a380-70ac088a3222_1d21fe351513329
f42a7ad3-6a3c-a22f-2ab7-4a548c4e53ab_1d21c315d545d45
33cf0358-8b84-0098-cd28-9cd7d78e5188_1d21b5274e7f318
2a6281a0-38ee-a9b8-19cb-bea88d20f5b6_1d21f1cbb587a11
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.