» FpaUpdaterLauncher.exe
Overview
Analysis
File Details
Behaviors (1)

FpaUpdaterLauncher.exe

Ziftr Alerts (formerly FreePriceAlerts.com) Update Manager Launcher

myVBO LLC

The is the installer for the WebPick InstalleRex download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application FpaUpdaterLauncher.exe by myVBO has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler named FpaUpdaterTask triggered by a time event.

File name:

Publisher:

myVBO LLC (signed and verified)

Product:

Ziftr Alerts (formerly FreePriceAlerts.com) Update Manager Launcher

Version:

3.2.0.0

MD5:

22e657e2e34635c9cf3870956b41922c

SHA-1:

f4877e2b2418f9ed134b56ce6a037a451116b598

SHA-256:

3e97e6b761677596c4320902cc158ea013a59687a3d0c450bad54dbc356d4076

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/25/2024 6:48:47 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Task.myVBO.S

14.7.27.14

File size:

18 KB (18,448 bytes)

Product version:

3.2.0.0

Original file name:

FpaUpdaterLauncher.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\ziftr alerts\fpaupdaterlauncher.exe

Digital Signature

Signed by:

myVBO LLC

Authority:

Thawte, Inc.

Valid from:

5/6/2013 3:00:00 AM

Valid to:

5/12/2015 2:59:59 AM

Subject:

CN=myVBO LLC, OU=FreePriceAlerts, O=myVBO LLC, L=Peterborough, S=New Hampshire, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

6839CFCEA583E27C0222A8CEDE5E2DAF

File PE Metadata

Compilation timestamp:

7/11/2013 6:21:55 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

192:62qA0f4/NjbBQ5WZzWeWqlwKMFJJkOqqG8ysKDlnyFG8Cou7+wse+PjPtUII:l64/SWpWqlwKMFQD8yD5n0duSPLqII

Entry address:

0x1B37

Entry point:

E8, 7F, 04, 00, 00, E9, 37, FD, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 50, 41, 40, 00, 89, 0D, 4C, 41, 40, 00, 89, 15, 48, 41, 40, 00, 89, 1D, 44, 41, 40, 00, 89, 35, 40, 41, 40, 00, 89, 3D, 3C, 41, 40, 00, 66, 8C, 15, 68, 41, 40, 00, 66, 8C, 0D, 5C, 41, 40, 00, 66, 8C, 1D, 38, 41, 40, 00, 66, 8C, 05, 34, 41, 40, 00, 66, 8C, 25, 30, 41, 40, 00, 66, 8C, 2D, 2C, 41, 40, 00, 9C, 8F, 05, 60, 41, 40, 00, 8B, 45, 00, A3, 54, 41, 40, 00, 8B, 45, 04, A3, 58, 41, 40, 00, 8D, 45, 08, A3, 64, 41, 40... 
[+]

Entropy:

6.1477

Code size:

4.5 KB (4,608 bytes)

Scheduled Task

Task name:

FpaUpdaterTask

Trigger:

Time (Next runs on 4/19/2014 at 12:21 AM)

Remove FpaUpdaterLauncher.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.