update.exe

Internet Explorer Toolbar

Retail Benefits Inc

The application update.exe, “Internet Explorer Toolbar Updater” by Retail Benefits Inc, has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat.
Publisher:
Retail Benefits Inc  (signed and verified)

Product:
Internet Explorer Toolbar

Description:
Internet Explorer Toolbar Updater

Version:
4.3.0.37

MD5:
f328d50e61a53933db0d3758577007c0

SHA-1:
962754c6c6bd198851e5f2b17be3110e09de6f28

SHA-256:
b6a0a3399f2dfb94e313afef4e11d73ccacf6b5c945b03a0570aa007a499d5bd

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/26/2024 10:21:51 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.RetailBenefits.Toolbar (M)

Engine version:
16.1.27.18

File size:
91.4 KB (93,624 bytes)

Product version:
4.3.0.37

Copyright:
Copyright © 2001-2012. All rights reserved.

Original file name:
update.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\shopping assistant_64\update.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/7/2013 6:00:00 PM

Valid to:
2/8/2016 5:59:59 PM

Subject:
CN=Retail Benefits Inc, O=Retail Benefits Inc, STREET=9403 Caserta St, STREET=9403 Caserta St, L=Lake Worth, S=Florida, PostalCode=33467, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0095AD86E4BF930709DD8BD19967F69439

File PE Metadata
Compilation timestamp:
2/27/2013 12:12:01 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1536:KXG/+ACt771b75jmnz9pQ+m8m0+MjtzEDbWdexrm5O4zp09KFgnIj2:KXGGACJBkTQom0+WuWwxrmtzp0ts2

Entry address:
0x3100

Entry point:
48, 83, EC, 28, E8, 43, 37, 00, 00, 48, 83, C4, 28, E9, 1A, FE, FF, FF, CC, CC, 48, 85, C9, 74, 37, 53, 48, 83, EC, 20, 4C, 8B, C1, 48, 8B, 0D, 78, 2F, 01, 00, 33, D2, FF, 15, E8, BF, 00, 00, 85, C0, 75, 17, E8, FB, 17, 00, 00, 48, 8B, D8, FF, 15, F6, BE, 00, 00, 8B, C8, E8, A3, 17, 00, 00, 89, 03, 48, 83, C4, 20, 5B, C3, CC, CC, CC, 48, 89, 4C, 24, 08, 48, 81, EC, 88, 00, 00, 00, 48, 8D, 0D, 59, 24, 01, 00, FF, 15, EB, BF, 00, 00, 4C, 8B, 1D, 44, 25, 01, 00, 4C, 89, 5C, 24, 58, 45, 33, C0, 48, 8D, 54, 24...
 

Entropy:
6.1107

Code size:
55.5 KB (56,832 bytes)
