» Updater.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

Updater.exe

Updater

IAC Search and Media

This is a component of the Ask.com toolbar, a browser extension that will modify the default web browser's search provider, home page and various other settings. The application Updater.exe, “Search-Results Updater” by IAC Search and Media has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘ApnUpdater’. This file is typically installed with the program Search-Results Toolbar by Search-Results.com which is a potentially unwanted software program.

File name:

Updater.exe

Publisher:

Search-Results (signed by IAC Search and Media)

Product:

Updater

Description:

Search-Results Updater

Version:

1.0.0.16752

MD5:

d746c02dc1ee841ece107d63be4d6428

SHA-1:

05357197037883d6ca6fe5b9a7979abee875a6e4

SHA-256:

52aa39a66083548de595ec6c4812f2c8d5ec54ea70835dd664f4e6dc7593eda4

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/19/2024 6:15:10 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Ask (M)

17.2.18.18

File size:

386 KB (395,240 bytes)

Product version:

1.0.0.16752

Original file name:

Updater.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\ask.com\updater\updater.exe

Digital Signature

Signed by:

IAC Search and Media

Authority:

VeriSign, Inc.

Valid from:

10/21/2009 1:00:00 AM

Valid to:

10/21/2012 12:59:59 AM

Subject:

CN=IAC Search and Media, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=IAC Search and Media, L=Oakland, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

596DF135D6540E700E84211A065D9C98

File PE Metadata

Compilation timestamp:

5/18/2011 3:34:01 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

Entry address:

0x352BA

Entry point:

E8, AF, 7E, 00, 00, E9, 79, FE, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 84, 80, 45, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 84, 80, 45, 00, 33, C5, 50, 89, 65, F0, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, CC, CC, CC, 68, F0, 4B, 43, 00, 64, FF, 35, 00, 00... 
[+]

Entropy:

6.2558

Code size:

275 KB (281,600 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

ApnUpdater

Command:

"C:\Program Files\ask.com\updater\updater.exe"

The file Updater.exe has been discovered within the following program.

Search-Results Toolbar by Search-Results.com

The Search-Results Toolbar by APN is an advertising supported toolbar for Intenet Explorer and Firefox (a web browser extension) that is typically installed via a software bundler.

87% remove it

Remove Updater.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.