» extensionupdaterservice.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

extensionupdaterservice.exe

Bit Cocktail Ltd.

The application extensionupdaterservice.exe by Bit Cocktail has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “IB Updater”. This file is typically installed with the program IB Updater 2.0.0.530 by Perion Network Ltd. which is a potentially unwanted software program.

File name:

Publisher:

Bit Cocktail Ltd. (signed and verified)

MD5:

cedb27baca286f063c3a11d44af530ae

SHA-1:

7671d846963b8527b39d35a34338fd880867bb11

SHA-256:

3fc6084a7ad4218e47396f200ebd834c28594116cf8662d653c4b81ecd27ce17

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/25/2024 11:34:47 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.BitCocktail (M)

17.3.3.20

File size:

184.3 KB (188,760 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\ib updater\extensionupdaterservice.exe

Digital Signature

Signed by:

Bit Cocktail Ltd.

Authority:

Thawte, Inc.

Valid from:

11/12/2012 1:00:00 AM

Valid to:

1/17/2014 12:59:59 AM

Subject:

CN=Bit Cocktail Ltd., O=Bit Cocktail Ltd., L=Herzeliya, S=Herzeliya, C=IL

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

2FF74ED2AFEBAFD72E0750E98DC63C1C

File PE Metadata

Compilation timestamp:

1/29/2013 1:28:50 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

Entry address:

0xAD21

Entry point:

E8, 3A, 57, 00, 00, E9, 79, FE, FF, FF, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 00, 01, 00, 00, 72, 0E, 83, 3D, 20, 12, 42, 00, 00, 74, 05, E9, F1, 57, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA, 01, 75, F6, 8B, 44... 
[+]

Code size:

98 KB (100,352 bytes)

Service

Display name:

IB Updater

Type:

Win32OwnProcess

The file extensionupdaterservice.exe has been discovered within the following program.

IB Updater 2.0.0.530 by Perion Network Ltd.

The IB (IncrediBar) Updater Service is designed to keep the Perion IncrediBar web browser toolbar (and other related products) up to date. The IB Updater Service runs in the background and periodically connects to the IncrediBar servers.

www.incredibar.com

80% remove it

Remove extensionupdaterservice.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.