googleupdater.exe

{B1A3E942-0C97-49A3-8C63-10C008633F19}

The executable googleupdater.exe has been detected as malware by 26 anti-virus scanners.
Publisher:

Version:
0.0.0.0

MD5:
e670d51685050bcc36e46521c731ef02

SHA-1:
d65ca4a628cf36da62dc379a14260f7ddac8e236

SHA-256:
7836901499d5e7d1a5663eb37da1e835f09dae13755d344c67133c9de6c06603

Scanner detections:
26 / 68

Status:
Malware

Analysis date:
4/23/2024 8:29:42 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.1467802 | 18 |
| AhnLab V3 Security | Backdoor/Win32.Agent | 2014.01.06 |
| Avira AntiVirus | TR/Injector.ciu.7 | 7.11.123.186 |
| avast! | Win32:Malware-gen | 2014.9-170117 |
| AVG | Generic35 | 2018.0.2496 |
| Baidu Antivirus | Backdoor.Win32.DarkKomet | 4.0.3.17117 |
| Bitdefender | Trojan.GenericKD.1467802 | 1.0.20.85 |
| Comodo Security | UnclassifiedMalware | 17561 |
| Dr.Web | Trojan.DownLoader10.62087 | 9.0.1.017 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1467802 | 8.17.01.17.11 |
| ESET NOD32 | MSIL/Injector.CJK (variant) | 11.9255 |
| Fortinet FortiGate | MSIL/Injector.CJK!tr | 1/17/2017 |
| G Data | Trojan.GenericKD.1467802 | 17.1.22 |
| IKARUS anti.virus | Backdoor.Win32.DarkKomet | t3scan.2.2.29 |
| K7 AntiVirus | Trojan | 13.175.10735 |
| Kaspersky | Backdoor.Win32.DarkKomet | 14.0.0.-1027 |
| Malwarebytes | Trojan.MSIL | v2017.01.17.11 |
| McAfee | Artemis!E670D5168505 | 5600.6152 |
| MicroWorld eScan | Trojan.GenericKD.1467802 | 18.0.0.51 |
| NANO AntiVirus | Trojan.Win32.DownLoader10.crmoaq | 0.28.0.57029 |
| nProtect | Trojan.GenericKD.1467802 | 14.01.06.01 |
| Panda Antivirus | Trj/CI.A | 17.01.17.11 |
| Sophos | Mal/Generic-S | 4.96 |
| Trend Micro House Call | TROJ_GEN.R00UH07LV13 | 7.2.17 |
| Vba32 AntiVirus | Backdoor.DarkKomet | 3.12.24.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 25142 |

File size:
1.6 MB (1,632,832 bytes)

Product version:
0.0.0.0

Original file name:
tmp88F8.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\google\googleupdater.exe

Digital Signature
Authority:
{B1A3E942-0C97-49A3-8C63-10C008633F19}

Valid from:
11/26/2013 2:15:56 PM

Valid to:
11/26/2014 8:15:56 PM

Subject:
CN={B1A3E942-0C97-49A3-8C63-10C008633F19}

Issuer:
CN={B1A3E942-0C97-49A3-8C63-10C008633F19}

Serial number:
170631A2653871824A2B0B818369A5C6

File PE Metadata
Compilation timestamp:
12/11/2013 7:09:27 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x16D40E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.7764

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.4 MB (1,488,384 bytes)
