How to remove wupdate.exe

wupdate.exe

The module wupdate.exe has been detected as Trojan.LoadMoney

wupdate.exe
Remove wupdate.exe

File Details

MD5: 3235548f116097663720494e4de2ea47
Size: 129 KB
First Published: 2017-05-21 14:09:54 (7 years ago)
Latest Published: 2019-03-29 14:20:01 (5 years ago)
Status: Trojan.LoadMoney (on last analysis)
Analysis Date: 2019-03-29 14:20:01 (5 years ago)

Overview

Signed By: "Ask-Integrator", Ltd.
Status: Valid

Common Places:

%localappdata%\microsoft\windows\inetcache\ie\m4d3z4l2
%localappdata%\wupdate
%localappdata%\microsoft\windows\inetcache\ie\xj2633mq
%profile%\dmin\local settings\application data\wupdate
%localappdata%\microsoft\windows\inetcache\ie\gjeev46g
%localappdata%\microsoft\windows\temporary internet files\content.ie5\yrjzhbp6
%sysdrive%\$recycle.bin\s-1-5-21-926333572-1141172302-625575263-1000\$r1xyxdu
%sysdrive%\$recycle.bin\s-1-5-21-926333572-1141172302-625575263-1000\$rwiw65v
%localappdata%\microsoft\windows\temporary internet files\content.ie5\dl0ugu0w
%localappdata%\microsoft\windows\temporary internet files\content.ie5\o47sj2oj

File Names:

updatek[1].exe
wupdate.exe
trz6B3F.tmp
wupdaten.exe
bkDYNhtwWnPV.exe
A5GRHrf1DVvD.exe
d509wUq8fEHV.exe
mjQP3Eww45lW.exe
PLEZruspLP2B.exe
g2Q5Gchk40R9.exe
3orDrkvokohY.exe
cXlFlUdBr0FA.exe
LXCFvUmoQJES.exe
HcwaRppf3q6m.exe
fvBkDCPb4nAw.exe
g1MIV2bYw0dr.exe
fw0UZWStrEqe.exe
hulo9T2LWcb8.exe
gFqDW9bxyp3K.exe
aRGoee6lcP3N.exe
ZpLFMNvmW3O5.exe
p2yKc42S5dmE.exe
R1ogklGvuGQb.exe
aKk53Vayyg0l.exe
wfexeX3OTRhg.exe
NGjtFGLIzpZb.exe
fiVPizpLAJc3.exe
JDyvGmSHuoys.exe
cDRmx65pbiwR.exe
TODWzkGNXVbu.exe
tMu0chaqAsTF.exe
HtJs4z9x55iU.exe
mnD8ATuaTCwq.exe
E3sVoZMOESkL.exe
OkyYVevOAQgJ.exe
uhAObY9GT0vu.exe
JpL9xoiL2aFC.exe
hb6aEarZrkNA.exe
2lzjRzMehmMf.exe
ks4eaaJ53Qpg.exe
AT5PSqerVV5K.exe
ACUp3wivfz7i.exe
0LfTybaoLAoE.exe
NA02ERQWhuf2.exe
Tzuk9c7nuPns.exe
jd7vbjff1gjG.exe
YngvZ92vHbPO.exe
WDrY0n3yhEpE.exe
kapFEShvp1pX.exe
RkHtqbQ3pbT2.exe
75vb4OPAuPCN.exe
c0OjdXWVr5hT.exe
ZAjH8IQzhAWl.exe
WkruJv6g7RkG.exe
6qpZinTRGP3Q.exe
AUHC9oim2hg7.exe
0fv0PySVwJXF.exe
WItRy494TY0k.exe
47RET6cKhvqJ.exe
IbLJQ4k1M5g1.exe
p4V4pm0Sjw3D.exe
HYoE0aoVm6Vg.exe
WOfzV28aXhUW.exe
3L9bJyA9jwoM.exe
CpEJuYDgOYXo.exe
Be3vIXybtCGt.exe
SYnnS40bjx4v.exe
BAgVdu5n8oBx.exe
qVlTbV1e11Un.exe
TUgL14qC8C4n.exe
Rie1HZdiS5dE.exe
JfNuXXKYkKbt.exe
IiZGESAQojWk.exe
zCFLP5r9mS3e.exe
16C7fHUw6dES.exe
nVZA1rQY6QPG.exe
YaKJ4LJlRouK.exe
w1gAbP1BfiSM.exe
QPQ8dgreyUZ0.exe
524EiTkCKT69.exe
t6ySHRjroF6h.exe
rYx1VtJIwK8G.exe
jLToUTZcDn2w.exe
hFsFTJht9xsZ.exe
5p66uaceWEz1.exe
VzCPVjjQbrr2.exe
zFX45KrAStoD.exe
8j8vI11ZpA8X.exe
9vNgTowvhoHh.exe
jfW8x74zMkkK.exe
Sre2AoWsoA7P.exe
vIcSyS4cfF85.exe
shD1g1YTrd71.exe
mgcitNQ3OU3w.exe
7JbzAWc1Ds7o.exe
waGAxyhEsbg1.exe
PHKd0hN1TT4l.exe
8KEetDt7Rya1.exe
dhV0Tv1ja6ja.exe
Ztoa5wVexasm.exe
mV3lZAdFy2ap.exe
GbCqbhfe10vC.exe
trz82CA.tmp
FWB2pEnxfvWw.exe
yqQnwNXl1jkZ.exe
Df7RvLYl277x.exe
bvryVzWjQZQ0.exe
JM3bUDsvsfgN.exe
xpHcRIT8zsit.exe
G5eg8XLrtxAX.exe
m3Qj350LBypR.exe
jhAlfLo8MfVh.exe
ohx8sVk26BX2.exe
ebPyKVAVQa2G.exe

Geography:

27.5%
24.1%
17.4%
3.2%
3.2%
2.5%
2.5%
2.3%
1.8%
1.6%
1.4%
1.1%
1.1%
1.1%
0.9%
0.7%
0.7%
0.7%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.2%
0.2%
0.2%
0.2%
0.2%
0.2%

OS Version:

Windows 7 61.9%
Windows 10 18.5%
Windows 8.1 9.1%
Windows XP 8.2%
Windows 8 2.1%
Windows Vista 0.2%

Analysis

Subsystem: Windows GUI
PE Type: pe
OS Bitness: 32
Image Base: 0x00400000
Entry Address: 0x00008da7

PE Sections:

Name Size of data MD5
.text 84480 cf5de6593136d98b857baa735a2a8e9b
.rdata 29696 d1434d96e4ff1f1d00d5251299db95cf
.data 5120 8bf6d063a216005b15be91ca10160390
.rsrc 1024 bf1c5f0368eee0cb31188634eba5889f
.reloc 5632 2f5d59ae93df5de0d6b8c0982241d9ea

More information:

Search on Virustotal
Download GridinSoft Anti-Malware - Removal tool for wupdate.exe
copyright for information about wupdate.exe