home

localbackup_enu.exe

UpdateStar Local Backup

UpdateStar GmbH

The application localbackup_enu.exe by UpdateStar GmbH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from static.updatestar.net.
Publisher:
UpdateStar GmbH  (signed and verified)

Product:
UpdateStar Local Backup

Version:
4.0.235

MD5:
74698420cfd55261f2ffc802ef66a104

SHA-1:
5c8753585e08618d326321d7efc9f34a6e5f1b6d

SHA-256:
452c93c1080a76c986e3d49f7ab3c17a49bbcedb7f5e83aaca9b10b3527c52ad

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
5/10/2024 12:01:44 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.installCore.UpdateStar (M)
16.2.16.15

File size:
9.1 MB (9,498,672 bytes)

Product version:
4.0.235

Copyright:
Copyright (c) UpdateStar GmbH

Original file name:
Stub.exe

File type:
Executable application (Win32 EXE)

Language:
German (Germany)

Common path:
C:\users\{user}\downloads\nowy folder\localbackup_enu.exe

Digital Signature
Signed by:
UpdateStar GmbH

Authority:
COMODO CA Limited

Valid from:
1/2/2013 1:00:00 AM

Valid to:
1/3/2016 12:59:59 AM

Subject:
CN=UpdateStar GmbH, O=UpdateStar GmbH, STREET=Hauptstraße 20, L=Berlin, S=Berlin, PostalCode=10827, C=DE

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009ED227324380B40DDE36C8D31A33831F

File PE Metadata
Compilation timestamp:
8/27/2014 6:04:41 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:HZaCV2FHNQRBzOFdPhO50a6gPXPq6rlT7h8XKcAJGhRR:5aCcFHg0PhO50xCfTrxhy

Entry address:
0x1A3E3

Entry point:
E8, B0, C7, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 85, C0, 74, 12, 83, E8, 08, 81, 38, DD, DD, 00, 00, 75, 07, 50, E8, 24, F4, FF, FF, 59, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, E8, D2, 43, 00, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18, 89, 5D, F8, 39, 5D, 24, 75, 0B, 8B, 45, 08, 8B, 00, 8B, 40, 04, 89, 45, 24, 8B, 35, 70, 31, 43, 00...
 
[+]

Code size:
200 KB (204,800 bytes)

The file localbackup_enu.exe has been seen being distributed by the following URL.

http://static.updatestar.net/dl/updatestar/.../localbackup_ENU.exe

Remove localbackup_enu.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.