» 3491_updater.exe
Overview
Analysis
File Details
Downloads (1)

3491_updater.exe

Vid-Saver

Engaging Apps

This is the installer application for a 50onRed advertising supported software package (displays ads in the browser and may hijack the home and search pages of the web browser). The application 3491_updater.exe, “Vid-Saver Updater” by Engaging Apps has been detected as adware by 8 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. This web browser addon will display additional advertisements in the user's browser including popup, banner, contextual hyperlinks as well as affiliate links.

File name:

3491_updater.exe

Publisher:

Innovative Apps (signed by Engaging Apps)

Product:

Vid-Saver

Description:

Vid-Saver Updater

Version:

1.1.2.1

MD5:

86cb3cb74d4a6e41ecfb521065bdbc21

SHA-1:

a2da1e49a5561c4f2720ee1fbac6dfde3f05c6cd

SHA-256:

56f42b5fd9219980909972746c7a0085e6a0c762dcafc8596824329c731369e8

Scanner detections:

8 / 68

Status:

Adware

Explanation:

Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:

4/16/2024 10:40:39 AM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

Win32/Packed.ScrambleWrapper

8.9427

Fortinet FortiGate

W32/Generic

11/17/2014

K7 AntiVirus

Unwanted-Program

13.175.11177

Malwarebytes

PUP.Optional.VidSaver.A

v2014.11.17.06

McAfee

Artemis!86CB3CB74D4A

5600.6943

Reason Heuristics

PUP.EngagingApps.M

14.11.17.18

Sophos

AppRider

4.97

VIPRE Antivirus

GamePlayLabs

26482

File size:

466.8 KB (478,032 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Nullsoft Install System

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\3491_updater.exe

Digital Signature

Signed by:

Engaging Apps

Authority:

Thawte, Inc.

Valid from:

6/3/2013 8:00:00 PM

Valid to:

6/4/2014 7:59:59 PM

Subject:

CN=Engaging Apps, O=Engaging Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

632EEBD9B987BC680D444D8675A26545

File PE Metadata

Compilation timestamp:

2/19/2012 10:01:49 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.22

CTPH (ssdeep):

12288:Xtob0HoeOTZpJCHYmapvd609EXp9q8LiKIS14:XtDOdpJCHRapl609E39LuS14

Entry address:

0x4327

Entry point:

55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7... 
[+]

Entropy:

7.8231 (probably packed)

Code size:

34.5 KB (35,328 bytes)

The file 3491_updater.exe has been seen being distributed by the following URL.

http://download.my-apps-repository.com/installer_ie_enabler/3491/.../0/.../0/updater.exe

Remove 3491_updater.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.