extensionupdaterservice.exe

Fedorov Paul

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application extensionupdaterservice.exe by Fedorov Paul has been detected as adware by 4 anti-malware scanners. It runs as a separate Windows service (within the context of its own process) named “Update Service for Gigabase”.
Publisher:
Fedorov Paul  (signed and verified)

MD5:
38beec11f252b030216f5ad5fdaada7f

SHA-1:
4fcbcab19500ddbc0b624728337dbf594cce5747

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
4/25/2024 1:05:24 AM UTC

Scan engine          Detection                    Engine version
Dr.Web               Adware.BGuard.31             9.0.1.0168
Malwarebytes         PUP.Optional.SweetPacks.A    v2015.06.17.12
NANO AntiVirus       Trojan.Win32.Agent.doxche    0.30.8.659
Reason Heuristics    PUP.Webpick.FedorovPaul      15.6.17.8

File size:
222.1 KB (227,472 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\gigabase\basement\extensionupdaterservice.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
8/28/2012 3:00:00 AM

Valid to:
8/29/2013 2:59:59 AM

Subject:
CN=Fedorov Paul, OU=Individual Developer, O=No Organization Affiliation, L=Saint-Petersburg, S=Saint-Petersburg, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
702D4055EE5CC734192DCBDFFE7AE8E1

File PE Metadata
Compilation timestamp:
6/7/2013 1:46:24 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:cVgq2wouc/BIaBq9bk0fgzwei/LtLPDBdNcmvvZpsT6dfJ+Fkp5k1v:agH2fgzwei/LZPvNcYZpK6l6kp5Kv

Entry address:
0xF312

Entry point:
E8, 58, 66, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 6A, 0A, 6A, 00, FF, 75, 08, E8, D2, 68, 00, 00, 83, C4, 0C, 5D, C3, 8B, FF, 55, 8B, EC, 5D, E9, DF, FF, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, C6, 46, 0C, 00, 85, C0, 75, 63, E8, D5, 28, 00, 00, 89, 46, 08, 8B, 48, 6C, 89, 0E, 8B, 48, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, 78, 7D, 42, 00, 74, 12, 8B, 0D, 94, 7C, 42, 00, 85, 48, 70, 75, 07, E8, 3F, 72, 00, 00, 89, 06, 8B, 46, 04, 3B, 05, 98, 7B, 42, 00, 74, 16, 8B, 46, 08, 8B, 0D, 94, 7C, 42...
 

Code size:
125.5 KB (128,512 bytes)

Service
Display name:
Update Service for Gigabase

Type:
Win32OwnProcess

