» addenupdate.exe
Overview
Analysis
File Details

addenupdate.exe

stimpack

The application addenupdate.exe by stimpack has been detected as a potentially unwanted program by 7 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This will plug into the web browser and collect information about the user's browsing activities (such as visited URLs) in order to display targeted popup advertisements.

File name:

addenupdate.exe

Publisher:

stimpack (signed and verified)

MD5:

e946eaced70a01f39dc3b4f5e6dbec40

SHA-1:

7dfe03428a6f605be8e9d72117d74a76c4d88ae2

SHA-256:

aa30e6666ac0f4bdf0eaf49d5a8ff08c5554591dfee33af1f4b9c8221f341544

Scanner detections:

7 / 68

Status:

Potentially unwanted

Analysis date:

4/23/2024 7:22:45 AM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

Win-PUP/Helper.Addendum.132232

2013.11.21

Malwarebytes

Adware.KorAd

v2016.12.15.08

Norman

NetworkWorm

11.20161215

Panda Antivirus

Suspicious file

16.12.15.08

Trend Micro House Call

ADW_KRADDARE

7.2.350

Trend Micro

ADW_KRADDARE

10.465.15

VIPRE Antivirus

Adware.Adpopup

23556

File size:

129.1 KB (132,232 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\appdata\local\temp\addenupdate.exe

Digital Signature

Signed by:

stimpack

Authority:

Thawte, Inc.

Valid from:

10/11/2011 5:00:00 PM

Valid to:

10/11/2012 4:59:59 PM

Subject:

CN=stimpack, O=stimpack, L=Gangnam-gu, S=Seoul, C=KR

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

48B9C4BD9AE7ED7029E78BFD796E0CC2

File PE Metadata

Compilation timestamp:

12/5/2009 2:50:52 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.7827

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

Remove addenupdate.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.