home

software_updater.exe

The application software_updater.exe has been detected as a potentially unwanted program by 22 anti-malware scanners. This is a setup program which is used to install the application. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from files.getsoftfree.com a known adware distribution point operated by Air Software.
MD5:
ef4620013b2229a9671855c3765d4321

SHA-1:
923d807e042f69bc390a1b94157629720d2c4e52

SHA-256:
fb96a6668cd4673fd35f99d112e97c5aa7718f05857fc4516ac78537f0cfe186

Scanner detections:
22 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 6:51:43 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.Graftor.155900
812

Agnitum Outpost
PUA.AirAd
7.1.1

AhnLab V3 Security
PUP/Win32.Installer
2014.09.18

Avira AntiVirus
ADWARE/Adware.Gen
7.11.173.16

AVG
Generic
2015.0.3290

Bitdefender
Gen:Variant.Application.Bundler.Graftor.155900
1.0.20.1595

Dr.Web
Trojan.SMSSend.5417
9.0.1.0319

ESET NOD32
Win32/AirAdInstaller.A potentially unwanted application
8.7.0.302.0

F-Prot
W32/A-ad198980
v6.4.7.1.166

F-Secure
Gen:Variant.Application.Bundler
11.2014-15-11_7

G Data
Gen:Variant.Application.Bundler.Graftor.155900
14.11.24

herdProtect (fuzzy)
variant of softwareupdate.exe (Adware)
2014.11.15.11

IKARUS anti.virus
PUA.AirAdInstaller
t3scan.1.7.8.0

K7 AntiVirus
Unwanted-Program
13.183.13407

Malwarebytes
PUP.Optional.AirInstaller
v2014.11.15.06

MicroWorld eScan
Gen:Variant.Application.Bundler.Graftor.155900
15.0.0.957

NANO AntiVirus
Riskware.Win32.AirAdInstaller.derosj
0.28.2.62151

Rising Antivirus
PE:PUF.Airinstall!1.9C4C
23.00.65.141113

Sophos
AirInstaller
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-Nullo[Short]
10357

Vba32 AntiVirus
AdWare.AirAdInstaller
3.12.26.3

VIPRE Antivirus
Threat.4784938
32938

File size:
908.4 KB (930,200 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\software_updater.exe

File PE Metadata
Compilation timestamp:
9/2/2014 5:11:46 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:hWuN+lLUnxkKPXGUmJ7Yvi2HiylD2G3JcCxqkjiWRH8UBwq:cFlL4hXIJ06c1ZR0gXRfB5

Entry address:
0x2A06C0

Entry point:
60, BE, 00, E0, 5C, 00, 8D, BE, 00, 30, E3, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
[+]

Entropy:
7.8736

Packer / compiler:
UPX 2.90LZMA

Code size:
844 KB (864,256 bytes)

The file software_updater.exe has been seen being distributed by the following URL.

http://files.getsoftfree.com/get/click/.../?uid=102559_b7accc76ce34fc0cbb8db07654c706b8&sid=2296&filename=software_updater

Remove software_updater.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.