home

_updater.exe

Creative Island Media, LLC

This is part of an adware program designed to inject advertising in the web browser (banners, text-links) as well as modify the normal behavior of the browser. Part of the Injekt brand of unwanted programs. The application _updater.exe by Creative Island Media has been detected as adware by 2 anti-malware scanners. This file is typically installed with the program Updater by Creative Island Media, LLC which is a potentially unwanted software program. While running, it connects to the Internet address update.betterxperience.com on port 80 using the HTTP protocol.
Publisher:
Updater  (signed by Creative Island Media, LLC)

Product:
Updater

Description:
Updater service

Version:
1, 0, 0, 1

MD5:
449f0c268bd72fabfd2d8d69165c2998

SHA-1:
b152f820507e7f564c0c41cabb24fb97d44e36a8

SHA-256:
5be59155f418fb40492422ff380c0f8bcf506ff7b481a05e14f907bac9d505c2

Scanner detections:
2 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:
4/26/2024 5:24:44 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.CreativeIslandMedia.I
14.8.7.20

VIPRE Antivirus
SearchDonkey
25774

File size:
478.9 KB (490,360 bytes)

Product version:
1, 0, 0, 1

Original file name:
updater.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\updater\_updater.exe

Digital Signature
Signed by:
Creative Island Media, LLC

Authority:
VeriSign, Inc.

Valid from:
5/20/2013 9:00:00 PM

Valid to:
5/21/2014 8:59:59 PM

Subject:
CN="Creative Island Media, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Creative Island Media, LLC", L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
68F23F4D2767F6491DEA9186F2E5CB89

File PE Metadata
Compilation timestamp:
12/23/2013 8:23:27 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:OESiXglNHpDliUV6I6NVMUzUUYP5jL8gWeRx9Fq+u+4JqEAMaT3Qe5r9Tw:OQgNHpDAUVP6TMUzUz5Nj9Ft4Jquakm0

Entry address:
0x38FB2

Entry point:
E8, B9, D1, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 0F, 03, C1, 1B, C9, 0B, C1, 59, E9, 3A, FE, FF, FF, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 07, 03, C1, 1B, C9, 0B, C1, 59, E9, 24, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, 3C, F5, 40, 7C, 46, 00, 00, 75, 13, 56, E8, 71, 00, 00, 00, 59, 85, C0, 75, 08, 6A, 11, E8, A2, 5A, 00, 00, 59, FF, 34, F5, 40, 7C, 46, 00, FF, 15, 88, 50, 45, 00, 5E, 5D, C3, 56, 57, BE, 40, 7C, 46, 00, 8B, FE, 53, 8B, 1F, 85, DB, 74, 17, 83, 7F...
 
[+]

Entropy:
6.4423

Code size:
334.5 KB (342,528 bytes)

The file _updater.exe has been discovered within the following program.

Updater  by Creative Island Media, LLC
This is the updater program installed with the company's TubeDimmer software which is typically installed through a bundled offer and is potentially unwanted.
www.injekt.com
82% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to update.betterxperience.com  (54.218.62.24:80)

TCP (HTTP):
Connects to d.pullupdate.com  (54.230.15.37:80)

Remove _updater.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.