» ServiceHostAppUpdater.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (3)

ServiceHostAppUpdater.exe

Service Host App Updater

Win Services

The application ServiceHostAppUpdater.exe by Win Services has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. Additionally, the file is typically installed by a number of programs including Pokki Start Menu by SweetLabs, Inc. and Edgeworld by SweetLabs, Inc..

File name:

Publisher:

Pokki (signed by Win Services)

Product:

Service Host App Updater

Version:

1, 0, 0, 0

MD5:

f55b82758ce878452a76f7b943d87d49

SHA-1:

8755ae729181220e1996c1facafe990229eada5f

SHA-256:

ada1698d3e8522c180cd2bdec5afc4fe5afca155fae1815e07a4a5990869dfa0

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

5/18/2024 3:29:23 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.SweetLabs.Updater (L)

17.3.13.6

File size:

9.4 MB (9,859,640 bytes)

Product version:

1, 0, 0, 0

Original file name:

ServiceHostAppUpdater.exe

File type:

Executable application (Win64 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\sweetlabs app platform\engine\servicehostappupdater.exe

Digital Signature

Signed by:

Win Services

Authority:

COMODO CA Limited

Valid from:

10/20/2015 2:00:00 AM

Valid to:

10/20/2018 1:59:59 AM

Subject:

CN=Win Services, O=Win Services, STREET="510 Market St #301", L=San Diego, S=California, PostalCode=92101, C=US

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00882FAAFF80E36523D43662130839898B

File PE Metadata

Compilation timestamp:

10/30/2015 5:26:41 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

10.0

Entry address:

0x1FC864

Entry point:

48, 83, EC, 28, E8, 17, FD, 00, 00, 48, 83, C4, 28, E9, 52, FE, FF, FF, CC, CC, 48, 8B, 01, 4C, 8B, 40, F8, 48, 8B, C1, 41, 8B, 50, 04, 48, 2B, C2, 41, 83, 78, 08, 00, 74, 0D, 41, 8B, 50, 08, 48, 2B, CA, 48, 63, 09, 48, 2B, C1, C3, CC, CC, 48, 89, 5C, 24, 08, 48, 89, 6C, 24, 10, 48, 89, 74, 24, 18, 57, 41, 54, 41, 55, 41, 56, 41, 57, 48, 83, EC, 20, 48, 63, 41, 10, 33, DB, 49, 8B, E9, 4E, 63, 6C, 08, 0C, 46, 8B, 64, 08, 08, 4D, 8B, F0, 4D, 03, E9, 4C, 8B, FA, 45, 85, E4, 74, 30, 49, 8B, FD, 48, 63, 37, 48... 
[+]

Code size:

4 MB (4,214,784 bytes)

Scheduled Task

Task name:

SweetLabs App Platform

Trigger:

Logon (Runs on logon)

The file ServiceHostAppUpdater.exe has been discovered within the following programs.

Amazon by SweetLabs, Inc.

Amazon is an app for the Pokki desktop platform. The app itself runs as an embedded HTML5 program within the Pokki software outside of the web browser.

www.pokki.com/app/amazon

35% remove it

Edgeworld by SweetLabs, Inc.

Edgeworld is an app for the Pokki desktop platform. The app itself runs as an embedded HTML5 program within the Pokki software outside of the web browser.

www.pokki.com

38% remove it

Pokki Start Menu by SweetLabs, Inc.

Publisher's description - “Find and open your programs, files, control panel, and power options with one click of the Pokki start button. Search and access your apps, files, control panel, and power options with Pokki’s Windows 8 Start Menu.”

www.pokki.com/windows-8-start-menu

48% remove it

Remove ServiceHostAppUpdater.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.