SHA256: d124b17db4a78864dea31b35dbc6982777eda55156724d7074e7cedbb1d06a5a
File name: eUpdate.exe
Detection ratio: 38 / 57
Analysis date: 2016-06-01 07:26:02 UTC ( 2 months, 4 weeks ago )
Antivirus Result Update
ALYac Trojan.Generic.AD.04143949 20160601
AVG Agent4.BGSL 20160601
AVware Trojan.Win32.Generic!BT 20160601
AegisLab Troj.W32.StartPage.cdus!c 20160601
AhnLab-V3 Malware/Win32.Suspicious 20160531
Antiy-AVL Trojan/Win32.Tgenic 20160601
Avast Win32:Adware-gen [Adw] 20160601
Avira (no cloud) ADWARE/ELEX.B 20160601
Baidu-International Adware.Win32.ELEX.81 20160531
Bkav W32.HfsAdware.A115 20160531
CAT-QuickHeal TrojanDownloader.Wysotot.r7 20160601
Comodo UnclassifiedMalware 20160601
Cyren W32/S-e24e9728!Eldorado 20160601
DrWeb Adware.Mutabaha.30 20160601
ESET-NOD32 a variant of Win32/ELEX.O potentially unwanted 20160601
F-Prot W32/S-e24e9728!Eldorado 20160601
Fortinet W32/VMProtBad.A 20160601
GData Win32.Application.SubTab.B 20160601
Ikarus Trojan.Agent4 20160601
Jiangmin Trojan/StartPage.owv 20160601
K7AntiVirus Riskware ( 0049f6ae1 ) 20160601
K7GW Riskware ( 0049f6ae1 ) 20160601
Kaspersky HEUR:Trojan.Win32.Generic 20160601
Malwarebytes Trojan.Downloader 20160601
McAfee Generic.dx!331DE39B8001 20160601
McAfee-GW-Edition Generic.dx!331DE39B8001 20160601
Microsoft TrojanDownloader:Win32/Wysotot.A 20160601
NANO-Antivirus Trojan.Win32.Wysotot.cvnvmg 20160601
Qihoo-360 Win32/Trojan.Downloader.135 20160601
SUPERAntiSpyware Trojan.Agent/Gen-Downloader 20160601
Sophos Mal/VMProtBad-A 20160601
Symantec PUA.exqWebSearch 20160601
Tencent Win32.Trojan.Bp-generic.Bskd 20160601
VBA32 Trojan.StartPage 20160531
VIPRE Trojan.Win32.Generic!BT 20160601
ViRobot Trojan.Win32.Z.Startpage.709240[h] 20160601
Yandex Riskware.Agent! 20160531
Zillya Trojan.StartPage.Win32.22364 20160531
Ad-Aware 20160601
Alibaba 20160601
Arcabit 20160601
Baidu 20160601
BitDefender 20160601
CMC 20160530
ClamAV 20160601
Emsisoft 20160601
F-Secure 20160601
Kingsoft 20160601
eScan 20160601
Panda 20160531
Rising 20160601
TheHacker 20160601
TotalDefense 20160601
TrendMicro 20160601
TrendMicro-HouseCall 20160601
Zoner 20160601
nProtect 20160531
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2013
Original name eUpdate.exe
Internal name eUpdate.exe
File version 10.2.0.2610
Signature verification A certificate was explicitly revoked by its issuer.
Signing date 8:26 AM 6/1/2016
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-21 11:11:53
Entry Point 0x000ED2A9
Number of sections 7
PE sections
Overlays
MD5 2d9fdc5ae527781e96054cc7af1a21da
File type data
Offset 703488
Size 5752
Entropy 7.40
PE imports
RegCreateKeyExW
LocalFree
LocalAlloc
GetModuleHandleA
GetModuleFileNameW
ExitProcess
TlsSetValue
LoadLibraryA
GetModuleFileNameA
SHChangeNotify
SHDeleteKeyW
IsNetworkAlive
wsprintfW
GetFileVersionInfoW
WinHttpOpenRequest
InternetCheckConnectionW
CoCreateGuid
Number of PE resources by type
RT_MANIFEST 1
SAFE 1
MAGIC 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
CHINESE SIMPLIFIED 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 11.0
ImageVersion 0.0
FileVersionNumber 10.2.0.2610
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 489984
EntryPoint 0xed2a9
OriginalFileName eUpdate.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2013
FileVersion 10.2.0.2610
TimeStamp 2013:08:21 12:11:53+01:00
FileType Win32 EXE
PEType PE32
InternalName eUpdate.exe
ProductVersion 10.2.0.2610
SubsystemVersion 5.1
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 132096
FileSubtype 0
ProductVersionNumber 10.2.0.2610
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 331de39b80019a55da553830a92b3195
SHA1 8b46591b11a2124297c4a5ebb993ab08389c99ab
SHA256 d124b17db4a78864dea31b35dbc6982777eda55156724d7074e7cedbb1d06a5a
ssdeep 12288:j3lwFi3OwrVPbMdKVwgv21X1eCe3PBgZCaaNt+HBVeF+g7c0JQ2BQoIgbUQ3eB3g:7smPbn2GJgYl+HBsF+gXJVZJbU1rG
authentihash 17b3b4c4c61255faf9abd0fb5f223660ba71115823b42cc2615f081b50fe033c
imphash a217e738b82f10d42e576ccc80b1a1f9
File size 692.6 KB ( 709240 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2013-09-26 16:29:31 UTC ( 2 years, 11 months ago )
Last submission 2016-06-01 07:26:02 UTC ( 2 months, 4 weeks ago )
File names temp_000.exe
331de39b80019a55da553830a92b3195.malware
_eUpdate_13.3.2.2700(1).exe
15499237
13199950.malware
13220627.malware
_eUpdate_13.3.2.2700.exe
331de39b80019a55da553830a92b3195__eUpdate_13.3.2.2700.exe.exe
file-6020014_exe
temp_000.exe
output.15499237.txt
eUpdate.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created processes
Shell commands
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections