updater4639.exe

SavingsApp

Engaging Apps

This file is part of a distribution package that is classified as adware distributed by 50onRed. The adware interacts with the installed web browsers to inject ads and modify the default search and home pages. The application updater4639.exe by Engaging Apps has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat.
Publisher:
Innovative Apps  (signed by Engaging Apps)

Product:
SavingsApp

Description:
SavingsApp exe

Version:
1000.1000.1000.1000

MD5:
f0adfbc03d03d271b25f6bd07678cdbe

SHA-1:
064e7cdc2b2a239221f73fc87343d62b5f3ea384

SHA-256:
b76dea46e47af24173107d10dba34018d9bb54baab2ec151150b190f500e6105

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/19/2024 6:50:26 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.50OnRed.EngagingApps (M)

Engine version:
16.2.13.0

File size:
214.4 KB (219,528 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
SavingsApp.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\updater4639\updater4639.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/4/2013 2:00:00 AM

Valid to:
6/5/2014 1:59:59 AM

Subject:
CN=Engaging Apps, O=Engaging Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
632EEBD9B987BC680D444D8675A26545

File PE Metadata
Compilation timestamp:
10/14/2013 12:52:04 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:6eGE+NVQ18CsQ08QD4UA4TuRIUhUei6JMqJCsfDnGnmG/os5:lGPNtCt0X4UA4TuBhUei6JMqdmws

Entry address:
0x16881

Entry point:
E8, D5, 8F, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 85, C0, 74, 12, 83, E8, 08, 81, 38, DD, DD, 00, 00, 75, 07, 50, E8, 92, E0, FF, FF, 59, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, 20, 46, 43, 00, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18, 89, 5D, F8, 39, 5D, 24, 75, 0B, 8B, 45, 08, 8B, 00, 8B, 40, 04, 89, 45, 24, 8B, 35, E0, B0, 42, 00...
 

Entropy:
6.4596

Code size:
166 KB (169,984 bytes)
