home

updater.exe

Big Water Applications, LLC

Part of the branded Injekt adware package, the updater mechanism is an auto-starting program that is desigend to update the web browser extensions and protect the executables ChromeHelper, FirefoxHelper and IeHelper so that these programs can inject advertisments and generate popups in the user's web browser. The application updater.exe by Big Water Applications has been detected as adware by 23 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Updater’.
Publisher:
Updater  (signed by Big Water Applications, LLC)

Product:
Updater

Description:
Updater service

Version:
1, 0, 0, 1

MD5:
9addb9d764d4d454a391a9347df5ef03

SHA-1:
dedcbe66bbeda6ede05b67e8a19d49839441a336

SHA-256:
8ad58355eb587ddc02083d759e55923e33b27d12f241933c31417dfadb4c91d7

Scanner detections:
23 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:
4/24/2024 7:05:11 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Agent.NUE
426

Avira AntiVirus
TR/Trash.Gen
7.11.30.172

avast!
Win32:TubeDim-A [PUP]
2014.9-151205

Bitdefender
Adware.Agent.NUE
1.0.20.1695

Bkav FE
W32.Clod4a8.Trojan
1.3.0.4613

Dr.Web
Adware.Downware.2535
9.0.1.0339

Emsisoft Anti-Malware
Adware.Agent.NUE
8.15.12.05.11

ESET NOD32
Win32/Toolbar.WebApp (variant)
9.10139

Fortinet FortiGate
Riskware/Toolbar_WebApp
12/5/2015

F-Secure
Adware.Agent.NUE
11.2015-05-12_7

G Data
Win32.Application.TubeDimmer
15.12.24

IKARUS anti.virus
AdWare.Agent
t3scan.2.2.29

Malwarebytes
PUP.Optional.Updater.A
v2015.12.05.11

McAfee
Artemis!F3A1E27D6577
5600.6560

MicroWorld eScan
Adware.Agent.NUE
16.0.0.1017

Norman
Malware
11.20151205

nProtect
Adware.Agent.NUE
14.02.02.01

Reason Heuristics
PUP.Injekt.BigWaterApplications (M)
15.12.5.23

Sophos
Search Donkey
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-Nullo[Short]
9465

Trend Micro House Call
Suspicious_GEN.F47V0716
7.2.339

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.24.3

VIPRE Antivirus
Injekt
31518

File size:
479.6 KB (491,112 bytes)

Product version:
1, 0, 0, 1

Original file name:
updater.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\updater\updater.exe

Digital Signature
Signed by:
Big Water Applications, LLC

Authority:
COMODO CA Limited

Valid from:
4/21/2013 8:00:00 PM

Valid to:
4/22/2014 7:59:59 PM

Subject:
CN="Big Water Applications, LLC", O="Big Water Applications, LLC", STREET=640 Grand Ave, STREET=Suite E, L=Carlsbad, S=CA, PostalCode=92008, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0088DD6A4DF46D819C84B9E99D7A0530C5

File PE Metadata
Compilation timestamp:
2/5/2014 8:28:15 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:64d6Afas0pew/tDQGK3EOg9STkrkEFQ1i:644Afqv/VQEl9e8hFQ1i

Entry address:
0x38F92

Entry point:
E8, C9, D1, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 0F, 03, C1, 1B, C9, 0B, C1, 59, E9, 3A, FE, FF, FF, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 07, 03, C1, 1B, C9, 0B, C1, 59, E9, 24, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, 3C, F5, 40, 7C, 46, 00, 00, 75, 13, 56, E8, 71, 00, 00, 00, 59, 85, C0, 75, 08, 6A, 11, E8, A2, 5A, 00, 00, 59, FF, 34, F5, 40, 7C, 46, 00, FF, 15, 88, 50, 45, 00, 5E, 5D, C3, 56, 57, BE, 40, 7C, 46, 00, 8B, FE, 53, 8B, 1F, 85, DB, 74, 17, 83, 7F...
 
[+]

Entropy:
6.4446

Code size:
334.5 KB (342,528 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Updater

Command:
C:\ProgramData\updater\updater.exe


Remove updater.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.