updater.exeupdater.exe

Creative Island Media, LLC

This is part of an adware program designed to inject advertising into the web browser (banners, text links) and to modify the browser's normal behavior. It is part of the Injekt brand of unwanted programs. The application updater.exeupdater.exe by Creative Island Media has been detected as adware by 7 anti-malware scanners. This file is typically installed with the program Updater by Creative Island Media, LLC, which is a potentially unwanted software program. While running, it connects to the Internet address update.betterxperience.com on port 80 using the HTTP protocol.

Publisher:
Updater (signed by Creative Island Media, LLC)

Product:
Updater

Description:
Updater service

Version:
1, 0, 0, 1

MD5:
99f6dfe77e92dec5344e6313c3574272

SHA-1:
b2e3eb977352613bbcf8fcde39b728c2ab8b74b2

SHA-256:
35b9d512e1f406bc81c0ee107a32ed6ce001f992cbe8b72f56a7fd934d9e7432

Scanner detections:
7 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
4/19/2024 9:20:29 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| ESET NOD32 | Win32/Toolbar.WebApp (variant) | 8.9996 |
| G Data | Win32.Application.TubeDimmer | 14.10.24 |
| IKARUS anti.virus | PUA.CIM | t3scan.1.6.1.0 |
| McAfee | Artemis!99F6DFE77E92 | 5600.6976 |
| Norman | Malware | 11.20141015 |
| Reason Heuristics | PUP.CreativeIslandMedia.O | 14.10.15.14 |
| VIPRE Antivirus | Injekt | 30630 |

File size:
478.9 KB (490,360 bytes)

Product version:
1, 0, 0, 1

Original file name:
updater.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\application data\updater\updater.exeupdater.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/20/2013 5:00:00 PM

Valid to:
5/21/2014 4:59:59 PM

Subject:
CN="Creative Island Media, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Creative Island Media, LLC", L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
68F23F4D2767F6491DEA9186F2E5CB89

File PE Metadata
Compilation timestamp:
12/23/2013 4:23:13 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:JESiXglNHpDliUV6I6NVMUzUUYP5jL8gWeRx9Fq+u+IJqEAMaT3Qe5r9m:JQgNHpDAUVP6TMUzUz5Nj9FtIJquakmm

Entry address:
0x38FB2

Entry point:
E8, B9, D1, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 0F, 03, C1, 1B, C9, 0B, C1, 59, E9, 3A, FE, FF, FF, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 07, 03, C1, 1B, C9, 0B, C1, 59, E9, 24, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, 3C, F5, 40, 7C, 46, 00, 00, 75, 13, 56, E8, 71, 00, 00, 00, 59, 85, C0, 75, 08, 6A, 11, E8, A2, 5A, 00, 00, 59, FF, 34, F5, 40, 7C, 46, 00, FF, 15, 88, 50, 45, 00, 5E, 5D, C3, 56, 57, BE, 40, 7C, 46, 00, 8B, FE, 53, 8B, 1F, 85, DB, 74, 17, 83, 7F...
 

Entropy:
6.4423

Code size:
334.5 KB (342,528 bytes)

The file updater.exeupdater.exe has been discovered within the following programs.

Updater  by Creative Island Media, LLC
This is the updater program installed with the company's TubeDimmer software which is typically installed through a bundled offer and is potentially unwanted.
www.injekt.com
82% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to update.betterxperience.com  (54.218.62.24:80)

TCP (HTTP):
Connects to d.pullupdate.com  (54.230.15.37:80)
