updater.exe

The application updater.exe has been detected as a potentially unwanted program by 18 anti-malware scanners. It runs as a separate Windows service named "updater" (Win32OwnProcess, i.e. within the context of its own process).
MD5:
086d96002f22e0dd97c93e4a7366cc03

SHA-1:
294e4b984474a9dc27fa32062135d8c4bfaae1b3

SHA-256:
17990c352ea6e1b5cfafc66253e2c7ed500b43288755ef26b66d871659a50303

Scanner detections:
18 / 68

Status:
Potentially unwanted

Explanation:
Injects advertisements into the web browser in the form of banner ads and popups.

Analysis date:
4/26/2024 8:37:40 PM UTC

Scan engine             Detection                              Engine version
Agnitum Outpost         PUA.Adpeak                             7.1.1
AhnLab V3 Security      PUP/Win32.MDA                          2014.12.09
Avira AntiVirus         APPL/Adpeak.682992                     7.11.190.0
avast!                  Win32:Adware-gen [Adw]                 2014.9-141202
AVG                     Generic6                               2015.0.3272
Baidu Antivirus         Adware.Win32.Adpeak                    4.0.3.14122
Clam AntiVirus          Win.Trojan.Adpeak                      0.98/21511
Comodo Security         ApplicUnwnt                            20268
Dr.Web                  Trojan.DownLoad3.35130                 9.0.1.0336
ESET NOD32              Win32/Adware.Adpeak (variant)          8.10816
IKARUS anti.virus       PUA.Adpeak                             t3scan.1.8.5.0
Kaspersky               not-a-virus:AdWare.Win32.AdPeak        14.0.0.2825
McAfee                  Trojan.Artemis!071ABF784363            5600.6922
NANO AntiVirus          Trojan.Win32.DownLoad3.djkwer          0.28.6.63850
Panda Antivirus         Generic Suspicious                     14.12.09.12
Reason Heuristics       Threat.Win.Reputation.IMP              14.12.9.0
Trend Micro House Call  Suspicious_GEN.F47V1202                7.2.336
VIPRE Antivirus         Threat.4150696                         35418

File size:
664 KB (679,936 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\mediainformationaccess\updater.exe

File PE Metadata
Compilation timestamp:
11/26/2014 10:01:35 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
12288:xVq7peS4rDlNOODRcFNxHnalge5w/tv7BaL0Ec/fX:xM4HO1FzHal5wFvAK

Entry address:
0x12741


Entropy:
6.3437

Code size:
480 KB (491,520 bytes)

Service
Display name:
updater

Type:
Win32OwnProcess


The executing file has been seen to make the following network communications in live environments.

