updatestar.exe

UpdateStar

UpdateStar GmbH

The application updatestar.exe by UpdateStar GmbH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘UpdateStar’. This file is typically installed with the program UpdateStar by UpdateStar GmbH. While running, it connects to the Internet address www.updatestar.com on port 80 using the HTTP protocol.
Publisher:
UpdateStar GmbH (signed and verified)

Product:
UpdateStar

Version:
10.0.1265

MD5:
3313733789d270460180e1aa432481cc

SHA-1:
6b5c571da3fe1abb9c1d1cfa7494f9b3ada53d5a

SHA-256:
e022f09bb6caef1c33663f80283aeb772a53a18ba4b3fe499a8fa20b277a21b4

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
3/6/2021 1:21:38 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Startup.UpdateStarGmbH.K

Engine version:
14.2.22.22

File size:
5 MB (5,255,216 bytes)

Product version:
10.0.1265

Copyright:
(c) 2006-2013 All rights reserved

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\updatestar\updatestar.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
1/2/2013 7:00:00 AM

Valid to:
1/3/2016 6:59:59 AM

Subject:
CN=UpdateStar GmbH, O=UpdateStar GmbH, STREET=Hauptstraße 20, L=Berlin, S=Berlin, PostalCode=10827, C=DE

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009ED227324380B40DDE36C8D31A33831F

File PE Metadata
Compilation timestamp:
12/2/2013 6:35:25 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:ynHIrAr7ks0nRAJsPpPTJwAE2E0SxgoemLwUMPQTspPj0FaTEW+7woQj4L07:cHbQoshOAlP6wKq

Entry address:
0x9A3FB

Entry point:
E8, 11, 05, 00, 00, E9, 4C, FE, FF, FF, CC, FF, 25, 78, A6, 60, 00, 6A, 0C, 68, 60, D5, 66, 00, E8, 08, 06, 00, 00, 83, 65, E4, 00, 8B, 5D, 0C, 8B, C3, 8B, 7D, 10, 0F, AF, C7, 8B, 75, 08, 03, F0, 89, 75, 08, 83, 65, FC, 00, 4F, 89, 7D, 10, 78, 0C, 2B, F3, 89, 75, 08, 8B, CE, FF, 55, 14, EB, EE, 33, C0, 40, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 14, 00, 00, 00, E8, 09, 06, 00, 00, C2, 10, 00, 8B, 7D, 10, 8B, 5D, 0C, 8B, 75, 08, 8B, 45, E4, 85, C0, 75, 0B, FF, 75, 14, 57, 53, 56, E8, 01, 00, 00, 00, C3...

Code size:
2 MB (2,132,992 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
UpdateStar

Command:
"C:\users\{user}\appdata\roaming\updatestar\updatestar.exe" -a


The file updatestar.exe has been discovered within the following program.

UpdateStar by UpdateStar GmbH
UpdateStar is a freeware application that recognizes installed software and provides update information for approximately 1.3 million programs. As a social computing aspect, the update database is maintained by its users.
www.updatestar.com
39% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ws1.updatestar.com (178.77.70.167:80)

TCP (HTTP):
Connects to static.vnpt.vn (113.171.239.123:80)

TCP (HTTP):
Connects to www.updatestar.com (5.35.253.150:80)

TCP (HTTP):
Connects to mail.updatestar.com (91.250.96.112:80)

TCP (HTTP):
Connects to wb-in-f139.1e100.net (66.102.1.139:80)

TCP (HTTP):
Connects to fra07s28-in-f25.1e100.net (173.194.112.57:80)

TCP (HTTP):
Connects to fra07s28-in-f13.1e100.net (173.194.112.45:80)

TCP (HTTP):
Connects to fra02s22-in-f1.1e100.net (173.194.113.97:80)

Remove updatestar.exe - Powered by Reason Core Security