updater.exe

WebAppTech Coding LLC

This file is part of an adware program designed to inject advertising (banners, text links) into the web browser and to modify the browser's normal behavior. It belongs to the Injekt brand of unwanted programs. The application updater.exe by WebAppTech Coding has been detected as adware by 22 anti-malware scanners. This file is typically installed with the program Updater by WebAppTech Coding, LLC, which is a potentially unwanted software program.
Publisher:
Updater  (signed by WebAppTech Coding LLC)

Product:
Updater

Description:
Updater service

Version:
1, 0, 0, 1

MD5:
efe7fc02fc2722b17e2f1c397bc70ffa

SHA-1:
85f7e2640b1d0d12e7b87f01e5233b8f23cb5492

SHA-256:
093f8a7988f6c50d02c18eb53ecbd64bd8604835cbf72b55ac1208b29c30403c

Scanner detections:
22 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
4/19/2024 7:05:20 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Agent.NUE | 873 |
| Avira AntiVirus | TR/Trash.Gen | 7.11.30.172 |
| avast! | Win32:TubeDim-A [PUP] | 2014.9-140915 |
| Bitdefender | Adware.Agent.NUE | 1.0.20.1290 |
| Bkav FE | W32.Clod4a8.Trojan | 1.3.0.4613 |
| Dr.Web | Adware.Plugin.130 | 9.0.1.0258 |
| Emsisoft Anti-Malware | Adware.Agent.NUE | 8.14.09.15.09 |
| ESET NOD32 | Win32/Toolbar.WebApp.A potentially unwanted application | 7.0.302.0 |
| F-Secure | Adware.Agent.NUE | 11.2014-15-09_2 |
| G Data | Win32.Application.TubeDimmer | 14.9.24 |
| IKARUS anti.virus | PUA.Toolbar.WebApp | t3scan.1.6.1.0 |
| Malwarebytes | PUP.Optional.Updater.A | v2014.07.20.03 |
| McAfee | Artemis!0A349A53E1FF | 5600.7007 |
| MicroWorld eScan | Adware.Agent.NUE | 15.0.0.774 |
| Norman | Malware | 11.20140720 |
| nProtect | Adware.Agent.NUE | 14.02.02.01 |
| Reason Heuristics | PUP.WebAppTechCoding.O | 14.8.7.17 |
| Sophos | Search Donkey | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10358 |
| Trend Micro House Call | TROJ_GEN.F47V0326 | 7.2.258 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.24.3 |
| VIPRE Antivirus | Threat.4784449 | 31208 |

File size:
478.4 KB (489,848 bytes)

Product version:
1, 0, 0, 1

Original file name:
updater.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\updater\updater.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/23/2013 6:00:00 PM

Valid to:
12/24/2014 5:59:59 PM

Subject:
CN=WebAppTech Coding LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=WebAppTech Coding LLC, L=Grandville, S=Michigan, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1A6411A4888DF6223DF9C572F9BE2E96

File PE Metadata
Compilation timestamp:
4/11/2014 1:43:42 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:f/q3p6QNJbLVDLzt2mP4e9xwIP53Qe9WA3pJEKsk:fQ8QNJbLdz5P4ewC5379DpJAk

Entry address:
0x38E02

Entry point:
E8, B9, D1, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 0F, 03, C1, 1B, C9, 0B, C1, 59, E9, 3A, FE, FF, FF, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 07, 03, C1, 1B, C9, 0B, C1, 59, E9, 24, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, 3C, F5, 40, 7C, 46, 00, 00, 75, 13, 56, E8, 71, 00, 00, 00, 59, 85, C0, 75, 08, 6A, 11, E8, A2, 5A, 00, 00, 59, FF, 34, F5, 40, 7C, 46, 00, FF, 15, 88, 50, 45, 00, 5E, 5D, C3, 56, 57, BE, 40, 7C, 46, 00, 8B, FE, 53, 8B, 1F, 85, DB, 74, 17, 83, 7F...
 

Entropy:
6.4427

Code size:
334 KB (342,016 bytes)

The file updater.exe has been discovered within the following program.

Updater  by WebAppTech Coding, LLC
Publisher's description - “We may collect certain information about your web usage and websites you have visited, which may be shared with third parties and used for advertising.”
85% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-186-84-255.us-west-2.compute.amazonaws.com  (54.186.84.255:80)

TCP (HTTP):
Connects to ec2-52-42-90-80.us-west-2.compute.amazonaws.com  (52.42.90.80:80)
