Updater.exe

Update Helper

Goobzo LTD

This is part of the Goobzo YTDownloader, a browser extension for downloading videos. However, the file will attempt to modify the user's browser, including resetting the home and search pages, and will inject various forms of unwanted advertising into the browser. The application Updater.exe by Goobzo has been detected as adware by 29 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler named SMWPUpd, triggered to execute each time a user logs in. This file is typically installed with the program Search Module Plus by Goobzo LTD, which is a potentially unwanted software program.
Publisher:
Goobzo  (signed by Goobzo LTD)

Product:
Update Helper

Version:
1.4.0.0

MD5:
892d9da05bc88c43240c1d27a774f1c0

SHA-1:
fbc26694c30e7c773f49805ffb05d384c9657cb4

SHA-256:
d14fc91c1e628993ebded4a01b6e5f0b514ce418718d3ec9ccf1fab3bc6e32b8

Scanner detections:
29 / 68

Status:
Adware

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:
4/25/2024 7:03:09 PM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | Win-PUP/CrossRider | 2015.02.01
Avira AntiVirus | TR/Trash.Gen | 7.11.30.172
avast! | Win32:Adware-CDO [PUP] | 150129-1
AVG | MalSign.Skodna | 2016.0.3213
Baidu Antivirus | Trojan.Win32.ShopperPro | 4.0.3.15131
Bkav FE | W32.InjectAdwaredDwnA1.PE | 1.3.0.4959
Dr.Web | Adware.Plugin.209 | 9.0.1.031
Emsisoft Anti-Malware | Gen:Trojan.FirewallBypass.Aq0@aG08kcoi | 8.15.01.31.07
ESET NOD32 | Win32/ShopperPro.A potentially unwanted application | 7.0.302.0
Fortinet FortiGate | Riskware/ShopperPro | 1/31/2015
G Data | Win32.Application.Shopperpro | 15.1.24
IKARUS anti.virus | AdWare.CrossRider | t3scan.1.6.1.0
K7 AntiVirus | Virus | 13.181.12846
Kaspersky | not-a-virus:Downloader.NSIS.Agent | 15.0.0.543
Malwarebytes | PUP.Optional.ShopperPro.A | v2015.01.31.07
McAfee | Artemis!0F2AA81CD1F9 | 5600.6869
Microsoft Security Essentials | Threat.Undefined | 1.179.1221.0
NANO AntiVirus | Riskware.Win32.Shopper.dfropl | 0.28.2.62286
nProtect | Virus/W32.SpyEye | 14.07.27.01
Panda Antivirus | W32/Cosmu.E | 15.01.31.07
Qihoo 360 Security | Unnamed.Threat | 1.0.0.1015
Reason Heuristics | PUP.Task.Goobzo | 15.1.31.7
Rising Antivirus | PE:Win32.Mgr.b!1594784 | 23.00.65.15129
Sophos | PUA 'Goobzo' (of type Adware) | 5.09
SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10082
Trend Micro House Call | TROJ_GEN.F47V1203 | 7.2.31
Vba32 AntiVirus | AdWare.Shopper | 3.12.26.3
VIPRE Antivirus | Goobzo | 24504
Zillya! Antivirus | Adware.Shopper.Win32.300 | 2.0.0.1937

File size:
733.4 KB (750,976 bytes)

Product version:
1.4.0.0

Copyright:
Copyright (C) 2014

Original file name:
Updater.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\common files\goobzo\gbupdateplus\updater.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
5/2/2013 1:00:00 AM

Valid to:
5/3/2015 12:59:59 AM

Subject:
CN=Goobzo LTD, O=Goobzo LTD, L=Haifa, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
120B25DDE57B88636AD4D97D23B99C88

File PE Metadata
Compilation timestamp:
1/31/2015 7:06:33 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:DjqfTtxIZJOQbxYa5d/PDJF8dorJRtvdlW2OEkGoXU+62mv0w42DdwbhTKw:6xxEdVxLJzOEktUR2msv2MJ

Entry address:
0x78280

Entry point:
E8, BE, 94, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, FF, 75, 0C, 8D, 4D, F0, E8, BD, DA, FF, FF, 0F, B6, 45, 08, 8B, 4D, F0, 8B, 89, C8, 00, 00, 00, 0F, B7, 04, 41, 25, 00, 80, 00, 00, 80, 7D, FC, 00, 74, 07, 8B, 4D, F8, 83, 61, 70, FD, C9, C3, 8B, FF, 55, 8B, EC, 6A, 00, FF, 75, 08, E8, B9, FF, FF, FF, 59, 59, 5D, C3, 8B, FF, 55, 8B, EC, 6A, 04, FF, 75, 08, E8, FA, 94, 00, 00, 59, 59, 5D, C3, 8B, FF, 55, 8B, EC, 6A, 08, FF, 75, 08, E8, E7, 94, 00, 00, 59, 59, 5D, C3, 8B, FF, 55, 8B, EC...
 

Entropy:
6.6017

Code size:
571.5 KB (585,216 bytes)

Scheduled Task
Task name:
SMWPUpd

Trigger:
Logon (Runs on logon)


The file Updater.exe has been discovered within the following program.

Search Module Plus  by Goobzo LTD
Goobzo's Search Module Plus is a web browser toolbar/extension that inserts itself into IE, Firefox or Chrome and modifies the search and home page providers of the targeted browser. Once installed, Search Module Plus changes the Windows hosts file and DNS settings.
79% remove it
 