updater.exe

The executable updater.exe has been detected as malware by 18 of 68 anti-virus scanners. It is a setup program used to install the application. The file has been seen being downloaded from updater.shadowl2.es. While running, it connects to the Internet address cluster006.ovh.net on port 80 using the HTTP protocol.
MD5:
6714198fbcc9f8f44aba4e9110b90d59

SHA-1:
b66870fbcdefcc489a2a8cf15a93d6e19e98331f

SHA-256:
88e4cdeb532185074be947c4ecb3e41cd4b9c84731c1686e4ffd79329493e90a

Scanner detections:
18 / 68

Status:
Malware

Analysis date:
4/24/2024 11:17:38 PM UTC

Scan engine               Detection                           Engine version
Lavasoft Ad-Aware         Trojan.Generic.19643620             78
AhnLab V3 Security        Trojan/Win32.Generic.N2150376209    3.8.1.16
Avira AntiVirus           TR/Agent.sviyl                      8.3.3.4
Arcabit                   Trojan.Generic.D12BBCE4             1.0.0.788
avast!                    Win32:Malware-gen                   2014.9-161117
Bitdefender               Trojan.Generic.19643620             1.0.20.1610
Bkav FE                   HW32.Packed                         1.3.0.8455
Emsisoft Anti-Malware     Trojan.Generic.19643620             8.16.11.17.06
F-Secure                  Trojan.Generic.19643620             11.2016-17-11_5
G Data                    Trojan.Generic.19643620             16.11.25
IKARUS anti.virus         Trojan-PWS.OnlineGames              t3scan.2.1.16.0
Kaspersky                 HEUR:Trojan.Win32.Generic           14.0.0.-724
MicroWorld eScan          Trojan.Generic.19643620             17.0.0.966
Panda Antivirus           Trj/CI.A                            16.11.17.06
Qihoo 360 Security        HEUR/QVM18.1.0000.Malware.Gen       1.0.0.1120
Rising Antivirus          Malware.Heuristic!ET#98% (rdm+)     23.00.65.161115
Trend Micro House Call    TROJ_GEN.R00JH09KC16                7.2.322
VIPRE Antivirus           Trojan.Win32.Generic                53752

File size:
3.7 MB (3,879,808 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\updater.exe

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:qaeP0453gRnbh5ISCIuTPCuVVR/w1KhIAV45hsO0CBjcF5N03z6OSxrVH81XFqsh:Fe8oVw1KcJAFzM6O6rVkFqRndO7

Entry address:
0x453042

Entry point:
B8, 00, 30, 85, 00, 68, 1C, 71, 49, 00, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 66, 9C, 60, 50, 68, 00, 00, 40, 00, 8B, 3C, 24, 8B, 30, 66, 81, C7, 80, 07, 8D, 74, 06, 08, 89, 38, 8B, 5E, 10, 50, 56, 6A, 02, 68, 80, 08, 00, 00, 57, 6A, 34, 6A, 06, 56, 6A, 04, 68, 80, 08, 00, 00, 57, FF, D3, 83, EE, 08, 59, F3, A5, 59, 66, 83, C7, 68, 81, C6, AE, 01, 00, 00, F3, A5, FF, D3, 58, 8D, 90, B8, 01, 00, 00, 8B, 0A, 0F, BA, F1, 1F, 73, 16, 8B, 04, 24, FD, 8B, F0, 8B, F8, 03, 72, 04, 03, 7A, 08, F3...

Entropy:
7.7312

Packer / compiler:
Petite 2.2

Code size:
572.5 KB (586,240 bytes)

The file updater.exe has been seen being distributed from the following URL.

http://updater.shadowl2.es/.../Updater.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to cluster006.ovh.net  (87.98.231.17:80)

Remove updater.exe - Powered by Reason Core Security