home

Thomson.West.Updater.App.exe

Thomson.West.Updater.App

THOMSON REUTERS APPLICATIONS INC.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘WestUpdater’.
Publisher:
THOMSON REUTERS APPLICATIONS INC.  (signed and verified)

Product:
Thomson.West.Updater.App

Version:
2.2.1.3

MD5:
4b91bd42594a97173074d4398541faab

SHA-1:
7410f06f2910f91de8810376dd51f7909277c15f

SHA-256:
12ef32642c67883a6a1d5ac15ff934623d936c1d792d6421ed694765db43d810

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/20/2024 1:54:31 AM UTC  (today)

File size:
29.2 KB (29,880 bytes)

Product version:
2.2.1.3

Copyright:
Copyright © 2007

Original file name:
Thomson.West.Updater.App.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\thomson\west\updater\thomson.west.updater.app.exe

Digital Signature
Signed by:
THOMSON REUTERS APPLICATIONS INC.

Authority:
Thawte, Inc.

Valid from:
11/14/2010 5:00:00 PM

Valid to:
2/26/2013 4:59:59 PM

Subject:
CN=THOMSON REUTERS APPLICATIONS INC., OU=ProDoc, O=THOMSON REUTERS APPLICATIONS INC., L=Eagan, S=Minnesota, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
74CD71888FF70E938C1F0C7208A6860A

File PE Metadata
Compilation timestamp:
7/9/2012 2:44:36 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:STKd8HM+AioJv096ucioG96ucioUjLW/lqj4fk/MwYCbcZsH5OjuI3mirIL27uH8:aKiTAiozioPioGE4//My1Aju7IIL4

Entry address:
0x72FE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.8580

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
21 KB (21,504 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
WestUpdater

Command:
C:\Program Files\thomson\west\updater\thomson.west.updater.app.exe


Scan Thomson.West.Updater.App.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.