UpdateAdmin.exe

Download Admin

This is a component of the Tightrope WebInstall, a setup program that bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application UpdateAdmin.exe by Download Admin has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘UpdateAdmin’. This file is typically installed with the program UpdateAdmin by Download Admin, which is a potentially unwanted software program.
Publisher:
DownloadAdmin (signed by Download Admin)

Version:
2.0.1999

MD5:
68983eed11d17281827bcd54e21b1d6e

SHA-1:
4450b6ef2eb8dcbac07ec92d8c19e868bee4de7d

SHA-256:
243c680cde5597617a82f399942eed0ca08d66ca7a1b68f86d88d3a131ad8726

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we consider this file unwanted.

Analysis date:
4/23/2024 4:39:32 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Tightrope.DownloadAdmin (M)

Engine version:
15.7.30.0

File size:
231.8 KB (237,328 bytes)

Product version:
2.0.1999

Copyright:
© 2014 DownloadAdmin All Rights Reserved

Original file name:
UpdateAdmin.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\updateadmin\updateadmin.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/19/2013 7:00:00 PM

Valid to:
5/29/2016 6:59:59 PM

Subject:
CN=Download Admin, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Download Admin, L=SAN FRANCISCO, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2EEB247A8F9D63D74CE7EF9551E3D401

File PE Metadata
Compilation timestamp:
7/28/2015 2:14:00 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:6Rt7kD2VbTFbvsPOW4VHJX4/1+GGtdgxiXgf5G6PuRH5Abl:6/7YIZbv7W4lJI0dngfM6W38l

Entry address:
0x11BC0

Entry point:
E8, AF, 71, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, 60, B3, 42, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, F0, 91, 42, 00, 01, 0F, 82, E4, 72, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03...
 
[+]

Entropy:
6.3112

Code size:
115.5 KB (118,272 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
UpdateAdmin

Command:
C:\users\{user}\appdata\local\updateadmin\updateadmin.exe \run


The file UpdateAdmin.exe has been discovered within the following program.

UpdateAdmin by Download Admin
Download Admin, part of Tightrope Interactive, is a software installer that will bundle additional software, mostly potentially unwanted software such as web toolbars and PC optimizer utilities.
www.downloadadmin.com
89% remove it

Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-69-76-198.us-west-2.compute.amazonaws.com  (54.69.76.198:80)

TCP (HTTP):

TCP (HTTP):
Connects to static.vnpt.vn  (113.171.230.110:80)

TCP (HTTP):
Connects to ec2-52-45-84-141.compute-1.amazonaws.com  (52.45.84.141:80)

TCP (HTTP):
Connects to a173-222-148-33.deploy.static.akamaitechnologies.com  (173.222.148.33:80)

TCP (HTTP):
