» updater.exe
Overview
Analysis
File Details
Downloads (1)

updater.exe

The application updater.exe has been detected as a potentially unwanted program by 19 anti-malware scanners. This is a setup program which is used to install the application. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from cds.d5v5w7m8.hwcdn.net.

File name:

updater.exe

Version:

1.1.4.2

MD5:

ccabf5cd04ad315b2d67cdb78169c2c8

SHA-1:

7d97d368044e3756a3087130be5685496140744a

SHA-256:

dbcaca1761a431205621420777f0e384b5bfe8c139b202a96012fab81a2665bc

Scanner detections:

19 / 68

Status:

Potentially unwanted

Analysis date:

5/7/2024 2:54:14 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Zusy.145808

5880591

AhnLab V3 Security

PUP/Win32.Amonetize

2015.08.03

Avira AntiVirus

TR/Trash.Gen

7.11.30.172

Arcabit

Trojan.Zusy.D23990

1.0.0.425

avast!

Win32:Amonetize-KC [PUP]

2014.9-150803

Baidu Antivirus

Adware.Win32.Amonetize

4.0.3.1583

Bitdefender

Gen:Variant.Zusy.145808

1.0.20.1075

Emsisoft Anti-Malware

Gen:Variant.Zusy.145808

8.15.08.03.10

ESET NOD32

Win32/Amonetize.ER potentially unwanted application

9.7.0.302.0

F-Secure

Gen:Variant.Zusy.145808

11.2015-03-08_2

G Data

Gen:Variant.Zusy.145808

15.8.25

IKARUS anti.virus

PUA.SearchProtect

t3scan.1.9.5.0

Kaspersky

HEUR:Trojan.Win32.Generic

14.0.0.1638

Malwarebytes

PUP.Optional.Amonetize.A

v2015.08.03.11

MicroWorld eScan

Gen:Variant.Zusy.145808

16.0.0.645

Norman

Gen:Variant.Zusy.145808

11.20150803

Panda Antivirus

Trj/Genetic.gen

15.08.03.11

Qihoo 360 Security

Win32/Virus.Adware.8c5

1.0.0.1015

Reason Heuristics

Threat.Win.Reputation.IMP

15.8.10.14

File size:

626 KB (641,024 bytes)

Product version:

1.1.4.2

Original file name:

u2.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Documents and Settings\{user}\Application data\22574\updater.exe

File PE Metadata

Compilation timestamp:

8/3/2015 9:24:04 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:RPmE4Gm7fmdkWHpz4+i2ZkbpbxCgcZyTwiWFZNS9LySHXUN9h7MVk0LSj/s1a3/R:RP06dxz4Avbh7MVbLSg1nCt

Entry address:

0x57F14

Entry point:

E8, DA, C7, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 14, 82, 47, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 50, 11, 47, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63... 
[+]

Code size:

444.5 KB (455,168 bytes)

The file updater.exe has been seen being distributed by the following URL.

http://cds.d5v5w7m8.hwcdn.net/Updater.exe

Remove updater.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.