Updater.exe

Updater

Escolade Solutions LTD.

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may lead to malware sites and install unwanted software. The application Updater.exe by Escolade Solutions has been detected as adware by 11 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, named Escolade and triggered daily at a specified time. Additionally, the file is typically installed by a number of programs, including iPumper Installer by Escolade Solutions LTD and iPumper by Escolade Solutions LTD, both potentially unwanted software. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
Escolade Solutions LTD.  (signed and verified)

Product:
Updater

Version:
1.0.0.0

MD5:
f522bc729222f08a3e530383f41ec676

SHA-1:
9cdaa2ca224014bd431887bee5dcc1b308784f67

SHA-256:
22226d0d5ee85ae0c7ce7d99a793dde4cd51d2d49a415e9f9bc561ff6c6b28f4

Scanner detections:
11 / 68

Status:
Adware

Analysis date:
4/18/2024 8:10:48 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | Adware/iPumper.L.1 | 7.11.109.226
avast! | Win32:PUP-gen [PUP] | 2014.9-131226
AVG | AdInstaller.U | 2014.0.3613
Bkav FE | W32.Clodd17.Trojan | 1.3.0.4261
Boost by Reason | Optional.Task.EscoladeSolutions.H | 188838
IKARUS anti.virus | AdWare.iPumper | t3scan.2.0.127
McAfee | RDN/Generic.tfr!dr | 5600.7269
Panda Antivirus | Suspicious file | 13.12.26.06
Reason Heuristics | PUP.Task.EscoladeSolutions.H | 14.8.8.0
Trend Micro House Call | TROJ_GEN.R0C1H06JL13 | 7.2.360
VIPRE Antivirus | iPumper | 22806

File size:
15.9 KB (16,256 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2013

Original file name:
Updater.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\ipumper\updater.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
9/25/2012 1:00:00 AM

Valid to:
9/26/2013 12:59:59 AM

Subject:
CN=Escolade Solutions LTD., O=Escolade Solutions LTD., STREET=Akademica Vernadskogo blvd. 36-507, L=Kiev, S=Kiev, PostalCode=03451, C=UA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0FB283CB6EEA8D0204BFA51C4BCE925C

File PE Metadata
Compilation timestamp:
4/4/2013 10:19:15 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:LepTHyHaYO5B7SmReFPKBZCxV8xXGGPOJv:LenXB7rRe5W08dG3v

Entry address:
0x42EE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
5.8348

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
9 KB (9,216 bytes)

Scheduled Task
Task name:
Escolade

Trigger:
Daily (Runs daily at 16:21)


The file Updater.exe has been discovered within the following programs.

iPumper  by Escolade Solutions LTD
iPumper is a download manager that is simply a re-branded, redistributed version of "Fast File Downloader" by www.anyfiledownloader.com, which is distributed by FreeMediaPack, a bundler of various potentially unwanted programs.
62% remove it
iPumper Installer  by Escolade Solutions LTD
Publisher's description - “iPumper is a small, flexible and easy-to-use application that lets you download popular software from the web without leaving the application’s window.”
products-placement.com/ipumper
81% remove it
Oxy Installer  by Escolade Solutions LTD
Oxy Installer is a potentially unwanted download and install manager from FINEDREAM INVEST that is designed to deliver additional offers, typically adware in nature such as web browser toolbars and extensions.
65% remove it
PileFile downloader  by Escolade Solutions LTD
This is a potentially unwanted download and install manager from FINEDREAM INVEST that is designed to deliver additional offers, typically adware in nature such as web browser toolbars and extensions.
79% remove it

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to lb-182-250.above.com  (103.224.182.250:80)
