updater.exe

Big Water Applications, LLC

Part of the branded Injekt adware package, the updater mechanism is an auto-starting program designed to update the web browser extensions and to protect the executables ChromeHelper, FirefoxHelper and IeHelper so that these programs can inject advertisements and generate popups in the user's web browser. The application updater.exe by Big Water Applications has been detected as adware by 23 anti-malware scanners. It is set to start automatically when a user logs into Windows via the current-user Run registry key, under the display name 'Updater'.
Publisher:
Updater (signed by Big Water Applications, LLC)

Product:
Updater

Description:
Updater service

Version:
1, 0, 0, 1

MD5:
f3a1e27d657726fa962b022e60ae51ea

SHA-1:
b55abbff6a78d838aacbce271f7d4200ced6565e

SHA-256:
1c5f202c04c01445206b8dc47aa6308be6d3cb21669087126ca2abd842980aca

Scanner detections:
23 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads into the web browser, and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
4/25/2024 9:25:38 AM UTC

Scan engine             Detection                             Engine version
Lavasoft Ad-Aware       Adware.Agent.NUE                      826
Avira AntiVirus         TR/Trash.Gen                          7.11.30.172
avast!                  Win32:TubeDim-A [PUP]                 2014.9-141031
Bitdefender             Adware.Agent.NUE                      1.0.20.1520
Bkav FE                 W32.Clod4a8.Trojan                    1.3.0.4613
Dr.Web                  Adware.Downware.2535                  9.0.1.0304
Emsisoft Anti-Malware   Adware.Agent.NUE                      8.14.10.31.07
ESET NOD32              Win32/Toolbar.WebApp (variant)        8.10139
Fortinet FortiGate      Riskware/Toolbar_WebApp               10/31/2014
F-Secure                Adware.Agent.NUE                      11.2014-31-10_6
G Data                  Win32.Application.TubeDimmer          14.10.24
IKARUS anti.virus       AdWare.Agent                          t3scan.2.2.29
Malwarebytes            PUP.Optional.Updater.A                v2014.10.31.07
McAfee                  Artemis!F3A1E27D6577                  5600.6960
MicroWorld eScan        Adware.Agent.NUE                      15.0.0.912
Norman                  Malware                               11.20141031
nProtect                Adware.Agent.NUE                      14.02.02.01
Reason Heuristics       PUP.Startup.BigWaterApplications.H    14.10.31.19
Sophos                  Search Donkey                         4.98
SUPERAntiSpyware        Trojan.Agent/Gen-Nullo[Short]         10265
Trend Micro House Call  Suspicious_GEN.F47V0716               7.2.304
Vba32 AntiVirus         suspected of Trojan.Downloader.gen.h  3.12.24.3
VIPRE Antivirus         Injekt                                31518

File size:
475.6 KB (487,016 bytes)

Product version:
1, 0, 0, 1

Original file name:
updater.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\updater\updater.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/21/2013 7:00:00 PM

Valid to:
4/22/2014 6:59:59 PM

Subject:
CN="Big Water Applications, LLC", O="Big Water Applications, LLC", STREET=640 Grand Ave, STREET=Suite E, L=Carlsbad, S=CA, PostalCode=92008, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0088DD6A4DF46D819C84B9E99D7A0530C5

File PE Metadata
Compilation timestamp:
12/18/2013 10:35:43 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:BJaajpaaUiBnRopmEPOXXxmCORTIdVtn7+7sjpJTx98ImrJ+fbF:BIypaaUiDopzPOXaREF7/jvxRmt+fbF

Entry address:
0x38792

Entry point:
E8, 59, D2, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 0F, 03, C1, 1B, C9, 0B, C1, 59, E9, 3A, FE, FF, FF, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 07, 03, C1, 1B, C9, 0B, C1, 59, E9, 24, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, 3C, F5, 40, 7C, 46, 00, 00, 75, 13, 56, E8, 71, 00, 00, 00, 59, 85, C0, 75, 08, 6A, 11, E8, 42, 5B, 00, 00, 59, FF, 34, F5, 40, 7C, 46, 00, FF, 15, 88, 50, 45, 00, 5E, 5D, C3, 56, 57, BE, 40, 7C, 46, 00, 8B, FE, 53, 8B, 1F, 85, DB, 74, 17, 83, 7F...

Entropy:
6.4593

Code size:
332.5 KB (340,480 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Updater

Command:
C:\ProgramData\updater\updater.exe


Remove updater.exe - Powered by Reason Core Security