Gridinsoft Logo
File Icon

The Wub.exe (Windows Update Blocker) File Analysis

Updated 1 month ago
Checked by Malaware Check
Wub.exe

Technical Analysis

File Name Wub.exe
File Type
PE32 executable (GUI) Intel 80386, for MS Windows
Scanner Version 1.0.212.174
Database Version 2025-04-07 19:00:53 UTC

Clean File

No threats detected by our scanner

0%
Detection Rate
741,800
File Size (bytes)
2025-04-07
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
e2a9b4527cbb6755a23b9988b58f0f9c
SHA1
10664199a6af04dffa8c26c5c13c12910e66aa47
SHA256
9834978cf80815691e698ce6e7fb6c9bf6f74dca2a0a10f41dcbdb1776cbee68
SHA512
86f5074ae5037ad4089bcb8dbf262ffd61e817e99e7a040f6be79bf434baea3a58206e837c249039b8b57f9620a4c2e72d89a13a986ebbd39f6329b48b81a37a
ImpHash
0fdea7b843f3a9b0df5ebae1939072ae

PE Analysis

Basic Information

Icon
Hash: b0614347c78605d3c0e5fee7f08bc598
Fuzzy: 310d8c196a0ff8ccf5f8e19963edeef6
dHash: b1b0b27be9c4e060
Image Base 0x00400000
Entry Point 0x00416310
Compilation Time 2010-04-16 07:47:33
Checksum 0x000bc2c5 (Actual: 0x000bc2c5)
OS Version 5.0
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows
Digital Signature Chain verification from CN=Sordum Software (serial:-81354254341847237072575753828559629030, sha1:f5e71628a478a248353bf0177395223d2c5a0e43) failed: The X.509 certificate provided is self-signed - "Common Name: Sordum Software"
Imports 16 libraries
Exports 0 functions
Resources 20 Resources
Sections 4 Sections

Version Information

FileVersion 1.1.0.0
Comments Windows Update Blocker
FileDescription Windows Update Blocker
LegalCopyright Copyright © 2016-2018 www.sordum.org All Rights Reserved.
CompanyName www.sordum.org
Coder By BlueLife
Translation 0x0809 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 524,311 bytes 524,800 bytes 6.63 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 58A07F5E2D9EB73668EEEFCB5D5B6147
.rdata 0x00082000 55,644 bytes 55,808 bytes 4.87 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ E5595452B5872F6D4EC02BD11899F61C
.data 0x00090000 107,800 bytes 26,624 bytes 2.20 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE FD9C154AED6AB94BCDCFC1C91C2CE57B
.rsrc 0x000ab000 76,032 bytes 76,288 bytes 6.48 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ AB1FF1DF54743D6A672B4CB971C1EE1C
Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 20 (74,855 bytes)
Resource Type Count Total Size Percentage
RT_ICON 9 64,752 bytes
86.5%
RT_STRING 2 1,022 bytes
1.4%
RT_RCDATA 3 7,061 bytes
9.4%
RT_GROUP_ICON 4 150 bytes
0.2%
RT_VERSION 1 688 bytes
0.9%
RT_MANIFEST 1 1,182 bytes
1.6%

Certificate Chain Analysis

Certificate Information
Description Windows Update Blocker
File Version 1.1.0.0
Signing Date 06:34 PM 05/06/2018 (2587 days ago)
Verification Status A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Signers Sordum Software
Copyright Copyright © 2016-2018 www.sordum.org All Rights Reserved.
Certificate Chain Summary
Sordum Software #1 Primary
Validity Period: 2005-12-31 21:00:00 → 2025-12-31 21:00:00
Signature Algorithm: 1.3.14.3.2.29
Serial Number: C2 CB BD 94 6B C3 FD B9 44 D5 22 93 1D 61 D5 1A
Symantec Time Stamping Services CA - G2 #2 Chain
Validity Period: 2012-12-21 00:00:00 → 2020-12-30 23:59:59
Signature Algorithm: sha1RSA
Serial Number: 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
Symantec Time Stamping Services Signer - G4 #3 Chain
Validity Period: 2012-10-18 00:00:00 → 2020-12-29 23:59:59
Signature Algorithm: sha1RSA
Serial Number: 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

Chain verification from CN=Sordum Software (serial:-81354254341847237072575753828559629030, sha1:f5e71628a478a248353bf0177395223d2c5a0e43) failed: The X.509 certificate provided is self-signed - "Common Name: Sordum Software"

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
This file passed all security checks, but stay vigilant. New malware variants appear daily that can evade detection. Always verify files come from official sources and check digital signatures when available.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware