updater.exe

SmarterPower

updater.exe is part of the Yontoo adware component, a web browser plugin that injects unwanted ads into the browser. The application updater.exe by SmarterPower has been detected as adware by 22 anti-malware scanners. It runs in its own process as a Windows service named “UpdaterSvcSmarterPower”. The file is typically installed with the program SmarterPower by Yontoo Technology, Inc., which is a potentially unwanted software program. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
SmarterPower  (signed and verified)

Version:
1.0.0.4

MD5:
0669421ef1d4dee9144d1660d55090ca

SHA-1:
723930087677d5cdd24b9ede079b6b7f00a6060b

SHA-256:
13ad509c001a4dcf95412a2ef870b607f6e7e9b685c053e332721aba6b8f06b7

Scanner detections:
22 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/25/2024 12:33:23 PM UTC

Scan engine             Detection                             Engine version
Lavasoft Ad-Aware       Gen:Variant.Adware.SwiftBrowse.1      896
AVG                     Generic                               2015.0.3374
Baidu Antivirus         Adware.Win32.BrowseFox                4.0.3.14822
Bitdefender             Gen:Variant.Adware.SwiftBrowse.1      1.0.20.1170
Dr.Web                  Trojan.BPlug.108                      9.0.1.0234
Emsisoft Anti-Malware   Gen:Variant.Adware.SwiftBrowse        8.14.08.22.10
ESET NOD32              Win32/BrowseFox (variant)             8.10297
Fortinet FortiGate      Riskware/BrowseFox                    8/22/2014
F-Secure                Gen:Variant.Adware.SwiftBrowse.1      11.2014-22-08_6
G Data                  Gen:Variant.Adware.SwiftBrowse        14.8.24
IKARUS anti.virus       PUA.BrowseFox                         t3scan.1.7.5.0
K7 AntiVirus            Trojan                                13.183.13139
Kaspersky               not-a-virus:HEUR:AdWare.Win32.Kranet  14.0.0.3365
McAfee                  Artemis!0669421EF1D4                  5600.7030
MicroWorld eScan        Gen:Variant.Adware.SwiftBrowse.1      15.0.0.702
NANO AntiVirus          Trojan.Win32.BPlug.dcnjjv             0.28.2.61721
Qihoo 360 Security      Win32/Virus.Adware.639                1.0.0.1015
Reason Heuristics       PUP.Service.SmarterPower.H            14.8.25.1
Sophos                  Generic PUA HC                        4.98
Trend Micro House Call  Suspicious_GEN.F47V0819               7.2.234
VIPRE Antivirus         Trojan.Win32.Generic                  32444
Zillya! Antivirus       Backdoor.Krap.Win32.11216             2.0.0.1899

File size:
132.7 KB (135,928 bytes)

Product version:
1.0.0.4

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\smarterpower\updater.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
8/4/2014 8:00:00 PM

Valid to:
8/5/2015 7:59:59 PM

Subject:
CN=SmarterPower, O=SmarterPower, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
38D7C83A73CB4E3AC85648608E3170D8

File PE Metadata
Compilation timestamp:
8/7/2014 5:12:12 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:UAZDAYrRXnn5N6T7pp1IMTuTjw/lj2ttUBm1j9AG2fRcZ+IH1nT0sWjcd65fIVTW:UAJVJ6eCBgWG2fE7V365IVTHxiq25WQ

Entry address:
0x9CFB

Entry point:
E8, 01, 70, 00, 00, E9, 7F, FE, FF, FF, 6A, 08, 68, F8, B2, 41, 00, E8, 8F, 00, 00, 00, FF, 35, F4, E6, 41, 00, FF, 15, 88, 51, 41, 00, 85, C0, 74, 16, 83, 65, FC, 00, FF, D0, EB, 07, 33, C0, 40, C3, 8B, 65, E8, C7, 45, FC, FE, FF, FF, FF, E8, 01, 00, 00, 00, CC, 6A, 08, 68, D8, B2, 41, 00, E8, 57, 00, 00, 00, E8, 26, 3E, 00, 00, 8B, 40, 78, 85, C0, 74, 16, 83, 65, FC, 00, FF, D0, EB, 07, 33, C0, 40, C3, 8B, 65, E8, C7, 45, FC, FE, FF, FF, FF, E8, 13, 71, 00, 00, CC, E8, FE, 3D, 00, 00, 8B, 40, 7C, 85, C0...
 

Entropy:
6.2369

Code size:
79.5 KB (81,408 bytes)

Service
Display name:
UpdaterSvcSmarterPower

Type:
Win32OwnProcess

Depends on:
RPCSS


The file updater.exe has been discovered within the following programs.

Buzzdock  by Alactro LLC
This is a web browser extension that injects advertising. From the EULA: "Buzzdock is free to download and use. Buzzdock is supported by advertising, and users will see additional ads on websites where Buzzdock features operate."
www.buzzdock.com/faq-support
79% remove it
SmarterPower  by Yontoo Technology, Inc.
SmarterPower is an advertising-supported browser extension, also known as adware, designed to deliver ads to the user's Internet browser as banners, context text-links and transitional ads. The injected ads are not affiliated with the underlying website on which they appear.
smarterpowerunite.com/support
87% remove it
 