updater.exe

Long Mile Solutions, LLC

Part of the branded Injekt adware package, the updater mechanism is an auto-starting program that is designed to update the web browser extensions and protect the executables ChromeHelper, FirefoxHelper and IeHelper so that these programs can inject advertisements and generate pop-ups in the user's web browser. The application updater.exe by Long Mile Solutions has been detected as adware by 23 anti-malware scanners. It is set to start automatically when a user logs into Windows, via the current user Run registry key under the display name ‘Updater’.

Publisher:
Updater  (signed by Long Mile Solutions, LLC)

Product:
Updater

Description:
Updater service

Version:
1, 0, 0, 1

MD5:
2b06932b87bfdee1a3d63ce653a3b99d

SHA-1:
6a9ac1cc625aa7ef90dc1d7cead78e8328505898

SHA-256:
8ca138cc85e3d78791eeedfffe09fff9252ef7a91ed0e79271df1c17227f338c

Scanner detections:
23 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser, and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
4/20/2024 1:27:45 AM UTC  (today)

Scan engine              Detection                              Engine version
Lavasoft Ad-Aware        Adware.Agent.NUE                       397
Agnitum Outpost          PUA.Plugin                             7.1.1
Avira AntiVirus          TR/Trash.Gen                           7.11.30.172
avast!                   Win32:TubeDim-A [PUP]                  2014.9-160104
Bitdefender              Adware.Agent.NUE                       1.0.20.20
Bkav FE                  W32.Clod4a8.Trojan                     1.3.0.4613
Dr.Web                   Adware.Plugin.128                      9.0.1.04
Emsisoft Anti-Malware    Adware.Agent.NUE                       8.16.01.04.01
F-Secure                 Adware.Agent.NUE                       11.2016-04-01_2
G Data                   Win32.Application.TubeDimmer           16.1.22
IKARUS anti.virus        AdWare.Agent                           t3scan.2.2.29
Malwarebytes             PUP.Optional.Updater.A                 v2016.01.04.01
McAfee                   Artemis!A5F634DAE5C0                   5600.6531
MicroWorld eScan         Adware.Agent.NUE                       17.0.0.12
NANO AntiVirus           Riskware.Win32.Plugin.dbxlkn           0.30.0.296
Norman                   Malware                                11.20160104
nProtect                 Adware.Agent.NUE                       14.02.02.01
Reason Heuristics        PUP.Injekt.LongMileSolutions (M)       16.1.4.1
Sophos                   Spy Alert                              4.98
SUPERAntiSpyware         Trojan.Agent/Gen-Nullo[Short]          9407
Trend Micro House Call   TROJ_GEN.F47V1106                      7.2.4
Vba32 AntiVirus          suspected of Trojan.Downloader.gen.h   3.12.24.3
VIPRE Antivirus          Trojan.Win32.Generic                   38158

File size:
306.6 KB (313,992 bytes)

Product version:
1, 0, 0, 1

Original file name:
updater.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\updater\updater.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/25/2013 7:00:00 PM

Valid to:
4/26/2014 6:59:59 PM

Subject:
CN="Long Mile Solutions, LLC", O="Long Mile Solutions, LLC", STREET=640 GRAND AVE STE E, L=CARLSBAD, S=CA, PostalCode=92008, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
53B89B8046F82D87A2C562F3D007CB45

File PE Metadata
Compilation timestamp:
10/21/2013 10:57:17 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:LAPCzMXxuNCt6nFZJRoy71YTUjw4C2iF+JcFaBjv7+Yh7Xs64G058VazCZKsIBkd:LAazMXn+FZTR82UhEdv6iTsc3aOZVGi

Entry address:
0x1ED07

Entry point:
E8, 53, 96, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 85, C0, 74, 12, 83, E8, 08, 81, 38, DD, DD, 00, 00, 75, 07, 50, E8, 1C, D5, FF, FF, 59, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, 10, EC, 43, 00, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18, 89, 5D, F8, 39, 5D, 24, 75, 0B, 8B, 45, 08, 8B, 00, 8B, 40, 04, 89, 45, 24, 8B, 35, 44, 41, 43, 00...
 

Entropy:
6.4355

Code size:
200.5 KB (205,312 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Updater

Command:
C:\ProgramData\updater\updater.exe

