home

google updater.exe

Google Inc

This is a setup program which is used to install the application. The file has been seen being downloaded from www.google.com.
Publisher:
Google Inc  (signed and verified)

MD5:
698ca0b53d769fa49059ee2e0d02df89

SHA-1:
86d630d0740576351295dc8b1af45edfc7aab9a5

SHA-256:
9855dfc49672c994824a2f278265a5ccd21ba655457d6b6ca464c416649545a5

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/23/2024 8:09:31 PM UTC  (today)

File size:
1.2 MB (1,257,032 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\google updater.exe

Digital Signature
Signed by:
Google Inc

Authority:
VeriSign, Inc.

Valid from:
6/18/2007 8:00:00 PM

Valid to:
6/18/2010 7:59:59 PM

Subject:
CN=Google Inc, OU=Digital ID Class 3 - Netscape Object Signing, O=Google Inc, L=Mountain View, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3144C06A6CFB5076C15D399572C69421

File PE Metadata
Compilation timestamp:
12/14/2009 5:26:22 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:WitQVHTBs4LlC4mHpEHSrQT0J2BmqeKRcR39vFT2RvH+WGzIrMM6fc:eA4Llh6SSrVxg6pp2JeWGzIrMM60

Entry address:
0x11636

Entry point:
B8, 24, 2E, 97, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 42, 31, 6C, F8, E0, 2D, B7, 57, 33, F7, 76, 3D, 89, A5, 95, F7, 5F, 42, 9B, 64, 96, 35, 3A, 12, 4C, 63, FE, 8E, D0, EF, E9, B3, 16, C0, 3E, 42, 50, DA, 5A, D7, B2, DE, 26, CE, 91, 3A, B2, DC, 5E, 6C, 2F, BC, 20, F6, 01, 6D, 58, D7, B1, 37, 1E, 9A, C9, BE, 83, F3, 8C, C9, 69, 8E, 40, 40, 9F, 18, B3, 69, 6E, 0C, 4A, FF, BC, 73, 9C, 50, 88, 20, F8, 3A, C7, 4F, 17, F5, E3...
 
[+]

Entropy:
7.9862

Packer / compiler:
PECompact v2

Code size:
111 KB (113,664 bytes)

The file google updater.exe has been seen being distributed by the following URL.

http://www.google.com/pack/.../Google_Updater?hl=en&stub=on&ciNum=0&file=Google_Updater.exe&brand=GPMA

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.