FoodBuzzUpdate.exe

ToolbarUpdater

2298491 Ontario Inc.

The application FoodBuzzUpdate.exe by 2298491 Ontario has been detected as adware by 6 anti-malware scanners. It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘RecipesHQToolbarUpdater’. This file is typically installed with the program FoodBuzz by Lake Ventures, LLC, which is a potentially unwanted software program. While running, it connects to the Internet address no.rdns.ukservers.com on port 80 using the HTTP protocol.

Publisher:
FoodBuzz  (signed by 2298491 Ontario Inc.)

Product:
ToolbarUpdater

Description:
FoodBuzzUpdate

Version:
1.0.0.0

MD5:
5af774e087e9680e75dc32948851665e

SHA-1:
99c43f3ae9a672a5fd73e7a4d187556d411f2c2e

SHA-256:
5a70ee489b0923db0bfabeaae6f67b0dfd46b96fcb653bbe4d10e0563138ccd6

Scanner detections:
6 / 68

Status:
Adware

Analysis date:
12/18/2017 4:55:44 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Comodo Security | UnclassifiedMalware | 16696 |
| McAfee | RDN/Generic PUP.x!ya | 5600.7232 |
| McAfee Web Gateway | RDN/Generic PUP.x!ya | 7.7232 |
| Reason Heuristics | PUP.Startup.2298491Ontario.O | 14.7.27.14 |
| Trend Micro House Call | TROJ_GEN.F47V0609 | 7.2.32 |
| VIPRE Antivirus | FoodBuzz | 20090 |

File size:
245.3 KB (251,144 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2013

Original file name:
FoodBuzzUpdate.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\foodbuzz\update\foodbuzzupdate.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
2/15/2013 8:00:24 PM

Valid to:
2/15/2014 8:00:24 PM

Subject:
CN=2298491 Ontario Inc., O=2298491 Ontario Inc., L=Guelph, S=ON, C=CA

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
0781DF92848AC5

File PE Metadata
Compilation timestamp:
5/25/2013 5:26:50 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:MqTlhQcA333KlEM6xwa9kWHScg333KLyt:MeA333Z9/xg333Wyt

Entry address:
0x2498E

Entropy:
4.4384

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
138.5 KB (141,824 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
RecipesHQToolbarUpdater

Command:
C:\Program Files\foodbuzz\update\foodbuzzupdate.exe


The file FoodBuzzUpdate.exe has been discovered within the following program.

FoodBuzz by Lake Ventures, LLC.
FoodBuzz (foodbuzz.net/2298491 Ontario Inc.) is a web browser extension and toolbar that delivers contextual advertising and modifies the user's web browser home and search pages to provide advertising and search.
foodbuzz.net
82% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 2a.6a.acb8.ip4.static.sl-reverse.com  (184.172.106.42:80)

TCP (HTTP):
Connects to no.rdns.ukservers.com  (94.229.72.116:80)

TCP (HTTP):
Connects to admarketplace.dmarc.lga1.atlanticmetro.net  (108.60.149.202:80)

TCP (HTTP SSL):
Connects to ec2-52-55-195-249.compute-1.amazonaws.com  (52.55.195.249:443)

TCP (HTTP):
Connects to bridge2.sfo1.admarketplace.net  (72.28.103.59:80)
