softwareupdatesetup.exe

KawagaSoft

The application softwareupdatesetup.exe by KawagaSoft has been detected as adware by 18 anti-malware scanners. It is a setup program built on the installCore download manager (InstallCore engine), which may bundle additional software offers for various ad-supported toolbars, browser extensions and utilities. It is typically executed from the user's temporary directory.
Publisher:
KawagaSoft  (signed and verified)

MD5:
183d3f361e502561cba655c81100d80e

SHA-1:
aeec91897da86058d8f132f6e55c0f1734d2dc48

SHA-256:
ebbaea9cb8d249a15d54ba753e08e34640c6b977fc44699fa8dfa60dfe6d1e02

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/24/2024 8:57:23 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.InstallCore | 7.1.1 |
| Avira AntiVirus | | 7.11.164.150 |
| AVG | Generic | 2015.0.3348 |
| Comodo Security | ApplicUnwnt | 19028 |
| Dr.Web | Trojan.Packed.25266 | 9.0.1.0260 |
| ESET NOD32 | Win32/InstallCore.OJ (variant) | 8.9872 |
| Fortinet FortiGate | Riskware/InstallCore | 9/17/2014 |
| IKARUS anti.virus | Trojan.Win32.Agent | t3scan.1.6.1.0 |
| K7 AntiVirus | Unwanted-Program | 13.178.12257 |
| Malwarebytes | | v2014.09.17.07 |
| McAfee | CryptInno!2FE9E5AE79D4 | 5600.7004 |
| Qihoo 360 Security | Win32/Virus.Adware.6f7 | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.KawagaSoft.T | 14.9.17.19 |
| Trend Micro House Call | TROJ_GEN.F47V0518 | 7.2.260 |
| Vba32 AntiVirus | | 3.12.26.0 |
| VIPRE Antivirus | InstallCore.b | 29776 |

File size:
598.1 KB (612,496 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\appdata\local\temp\softwareupdatesetup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/31/2014 8:00:00 PM

Valid to:
4/1/2015 7:59:59 PM

Subject:
CN=KawagaSoft, O=KawagaSoft, STREET=28A Lilinblam St., L=Tel-Aviv, S=Israel, PostalCode=651307, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D018EC12F4E67C808322B5B566F010A7

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:wfvpBJH+O1v2ICEp2OSMCRW4M7ef97DRC7IVT:wfvfJHDvbVS3ieBR

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Entropy:
7.8483

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)
