masterupdater.exe

Maxiget Limited

This file is part of a bundled installer that wraps applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application masterupdater.exe by Maxiget Limited has been detected as adware by 5 anti-malware scanners. It runs as a Windows Task Scheduler task named MaxigetMasterUpdate, triggered daily at a specified time. The file is typically installed with the program Software Management Module by Maxiget Limited, which is a potentially unwanted software program.

Publisher:
Maxiget Limited  (signed and verified)

MD5:
acfc43d5862543bb3d29aa07d1bb6f89

SHA-1:
d8fa2985d9e7c9855bb29589b9381207653299f2

SHA-256:
8d750f9673efac473b0e23a209585eeb8dd519124ca1186c251f26d571be80c8

Scanner detections:
5 / 68

Status:
Adware

Explanation:
This is a modified installer version of the software and bundles additional offers including adware.

Analysis date:
11/24/2017 8:22:06 AM UTC

Scan engine | Detection | Engine version
avast! | Win32:FourShared-BZ [PUP] | 150319-1
Baidu Antivirus | PUA.Win32.4Shared | 4.0.3.1552
Bkav FE | W32.HfsAdware | 1.3.0.6379
Dr.Web | Adware.Downware.10748 | 9.0.1.05190
Reason Heuristics | PUP.New IT Limited.Maxiget | 15.5.2.10

File size:
551.8 KB (565,008 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\maxiget\master\updater\masterupdater.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
12/11/2014 2:36:00 PM

Valid to:
8/15/2016 9:41:32 AM

Subject:
CN=Maxiget Limited, O=Maxiget Limited, L=Limassol, S=Cyprus, C=CY

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B83CBF523FA3B

File PE Metadata
Compilation timestamp:
4/30/2015 5:36:03 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:3Wzsl2rl9jVYloLkUzgVnZixqZVHuA4OHGOa12j8mP:3Wzsl2rl9uoLkUzcnZixmVH5Hay8mP

Entry address:
0x41718

Entry point:
E8, 26, AC, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, B0, F5, 46, 00, E8, 52, 3E, 00, 00, E8, E7, 1D, 00, 00, 0F, B7, F0, 6A, 02, E8, B9, AB, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 7C, 51, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
6.1959

Code size:
373.5 KB (382,464 bytes)

Scheduled Task
Task name:
MaxigetMasterUpdate

Trigger:
Daily (Runs daily at 2:46 PM)


The file masterupdater.exe has been found in the following programs.

Software Management Module  by Maxiget Limited
81% remove it
 

The running executable has been observed making the following network connections in live environments.

TCP (HTTP):
Connects to 143.g8-ggc-bsa.google.com  (179.96.35.143:80)

TCP (HTTP):
Connects to any-in-2678.1e100.net  (216.239.38.120:80)

TCP (HTTP):
Connects to TIG-Net17-95.trueintergateway.com  (27.123.17.95:80)

TCP (HTTP):
Connects to TIG-Net17-102.trueintergateway.com  (27.123.17.102:80)

TCP (HTTP):
Connects to cache.google.com  (91.245.214.181:80)
