updatetask.exe

This is part of various InstallCore adware bundles and is designed to run daily and maintain the current state of the installed product(s) offered (mostly unwanted adware) by connecting to a remote server for configuration instructions. The application updatetask.exe has been detected as adware by 8 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time.
MD5:
1697e82c5f74509e29b0e87fd42702cb

SHA-1:
0a511ea84db7a2f58ea3c595c7694b360a69465d

SHA-256:
c1d21609a4c39450b174094fcb2249e70dc2e564034a32914a7df69d65354351

Scanner detections:
8 / 68

Status:
Adware

Explanation:
The update task for the InstallCore download manager.

Analysis date:
4/18/2024 3:06:53 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Baidu Antivirus | PUA.Win32.DealPly | 4.0.3.15330 |
| ESET NOD32 | Win32/DealPly.AI potentially unwanted (variant) | 9.11391 |
| Kaspersky | not-a-virus:HEUR:AdWare.Win32.DealPly | 14.0.0.2265 |
| Qihoo 360 Security | HEUR/QVM05.1.Malware.Gen | 1.0.0.1015 |
| Quick Heal | AdWare.DealPly.OD8 | 3.15.14.00 |
| Reason Heuristics | PUP.UpdateProc.Task | 15.3.30.22 |
| Sophos | DealPly Updater | 4.98 |
| SUPERAntiSpyware | Adware.DealPly/Variant | 9965 |

File size:
459.5 KB (470,528 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\wse_taplika\updateproc\updatetask.exe

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:E1Nfl7rpxZauk16uWL8sRKh2oiCrsyq0b7VaA03CJFsz0yISRqn:Mfl7PZafdWZRC2oBq03sA0yJF7SRc

Entry address:
0x65DA0

Entry point:
55, 8B, EC, 83, C4, F0, B8, 00, 5C, 46, 00, E8, 7C, 11, FA, FF, A1, 1C, 6F, 46, 00, 8B, 00, E8, 78, 60, FE, FF, B9, 74, 91, 46, 00, A1, 1C, 6F, 46, 00, 8B, 00, 8B, 15, 8C, 1D, 44, 00, E8, 79, 60, FE, FF, A1, 74, 91, 46, 00, E8, C7, FD, FF, FF, A1, 1C, 6F, 46, 00, 8B, 00, E8, E3, 60, FE, FF, E8, 12, EA, F9, FF, 8B, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 8D, 40, 00, 32, 13, 8B, C0, 02, 00, 8B, C0, 00, 8D, 40, 00, 00, 8D, 40, 00...
 

Entropy:
6.6187

Developed / compiled with:
Microsoft Visual C++

Code size:
403.5 KB (413,184 bytes)

Scheduled Task
Task name:
Wse_taplika

Trigger:
Daily (Runs daily at 9:58 PM)

