updater.exe

Savings Wave

Innovative Apps

This is the installer application for a 50onRed advertising-supported software package (it displays ads in the browser and may hijack the web browser's home and search pages). The application updater.exe, “Savings Wave Updater”, has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Nullsoft Install System installer; however, the file is not signed with an Authenticode signature from a trusted source.
Publisher:
Innovative Apps

Product:
Savings Wave

Description:
Savings Wave Updater

Version:
1.1.2.1

MD5:
d9b310630e02b758a1d0ff7525d73749

SHA-1:
afbe12634c741c5fa9d1f969fab2745d4808c4ce

SHA-256:
7faca27a2e87746756c9c3f696fa4c4583388abb4e633b3243994fa1481ca0d7

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
8/11/2020 3:33:26 PM UTC

Scan engine:
Reason Heuristics

Detection:
Win32.Generic

Engine version:
16.3.5.2

File size:
537.3 KB (550,200 bytes)

Copyright:
Copyright Innovative Apps

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\updater.exe

File PE Metadata
Compilation timestamp:
2/19/2012 4:01:49 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
12288:AQobMI6wCMMRpnAFkDpuV3qcgH9r0bt6mxfznHHp4SALel9hxz:AQFI6TM5FkAacgmg2znmLA3z

Entry address:
0x4327

Entry point:
48, 89, DB, FF, C5, C6, C3, DC, B6, 3B, 0F, AF, D2, C6, C7, E6, 8B, D9, 81, FA, 83, 76, 00, 00, 75, 0A, 34, C1, 86, EF, C7, C6, 59, E0, C3, EA, 81, FA, C1, 30, 00, 00, 73, 02, 89, EE, 83, E2, 00, 81, F0, 00, 48, 7B, C3, B0, B9, 81, F2, 86, 0A, 00, 00, 69, CD, B9, D7, 24, DD, FF, C8, 81, F2, B1, 02, 00, 00, 0F, B6, C0, 52, 89, EE, 48, 8D, 1D, 93, 45, 0D, 60, 5D, 73, 03, 0F, B7, C7, 81, F5, B1, 0E, 00, 00, F7, C5, 75, E9, B1, 05, 2B, FD, 76, 06, 14, 57, 3C, 30, B1, 90, 81, EF, 0E, 0D, 00, 00, 73, 01, F2, 69...

Code size:
34.5 KB (35,328 bytes)

The file updater.exe has been seen being distributed by the following URL.
