extensionupdaterservice.exe

Fedorov Paul

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application extensionupdaterservice.exe by Fedorov Paul has been detected as adware by 2 anti-malware scanners. It runs as a separate Windows service (within the context of its own process) named “Update Service for Cashsyst”.
Publisher:
Fedorov Paul  (signed and verified)

MD5:
15500c494963e9fce1cb1e2b247f9928

SHA-1:
acbc2ec2674fb2dbbedf9983a2db036b7e6281dc

SHA-256:
5489c0671f4c476d0172b9963221d0d435d825530ea0cab3fae8b19d113e424d

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
4/26/2024 5:32:36 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Webpick.FedorovP (M)

Engine version:
16.3.24.0

File size:
732.6 KB (750,224 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\cashsyst\basement\extensionupdaterservice.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
9/30/2013 4:00:00 AM

Valid to:
10/17/2014 3:59:59 AM

Subject:
CN=Fedorov Paul, OU=Individual Developer, O=No Organization Affiliation, L=Saint-Petersburg, S=Saint-Petersburg, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
4775A986F383176992FD70C1405B2DEA

File PE Metadata
Compilation timestamp:
7/29/2013 9:00:18 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:BCTKmr0pUIlbFiDIvyv9qwJ3qIe8sB2o4wgV0R/tfwLQS0tOecbFc2CBlBrKICZx:QTKDp1lbUSqJ3qv8C2o4wm0R/tfwLQS7

Entry address:
0x795A7

Entry point:
E8, 3A, A3, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 6A, 0A, 6A, 00, FF, 75, 08, E8, B4, A5, 00, 00, 83, C4, 0C, 5D, C3, 8B, FF, 55, 8B, EC, 5D, E9, DF, FF, FF, FF, 8B, FF, 55, 8B, EC, 6A, 00, FF, 75, 08, FF, 15, 9C, 22, 49, 00, 85, C0, 75, 08, FF, 15, 6C, 20, 49, 00, EB, 02, 33, C0, 85, C0, 74, 0C, 50, E8, CE, 32, 00, 00, 59, 83, C8, FF, 5D, C3, 33, C0, 5D, C3, 8B, FF, 55, 8B, EC, 8B, 45, 08, 0F, B7, 08, 53, 56, 57, 66, 85, C9, 74, 2C, 8B, 5D, 0C, 0F, B7, 3B, 0F, B7, C9, 8B, F3, 66, 3B, F9, 74, 12...
 

Code size:
578 KB (591,872 bytes)

Service
Display name:
Update Service for Cashsyst

Type:
Win32OwnProcess

