updatetask.exe

Hoolapp

This is part of various InstallCore adware bundles and is designed to run daily and maintain the current state of the installed product(s) offered (mostly unwanted adware) by connecting to a remote server for configuration instructions. The application updatetask.exe by Hoolapp has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time. It is part of the Yontoo-branded browser extension.
Publisher:
Hoolapp  (signed and verified)

MD5:
58fc609888aab15b5dca23e5e521a5e1

SHA-1:
1b0cf1b2c68343d94ab4ac167e51e03712a11aca

SHA-256:
84cac38a37745e51d9e8ad0ab910b22a58c22fdd11e5a1e4c7afd6b9f6caa79c

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo program that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
4/19/2024 10:15:23 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.PriceFountain.ICDP

Engine version:
16.10.26.17

File size:
98.5 KB (100,912 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\hoolappforandroid\updateproc\updatetask.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
11/20/2012 1:00:00 AM

Valid to:
11/21/2015 12:59:59 AM

Subject:
CN=Hoolapp, O=Hoolapp, STREET=63 Rothschild Blvd., L=Tel-Aviv, S=NA, PostalCode=65785, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1205B27293082834E7A5D38AE9D121B7

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3072:n9zWljMyZpzSR+DU+Qg3ibYVyrz6iI1QJGD/ZNZ:9SdMyZtfDlzoY4rmxzZ

Entry address:
0x1338C

Entry point:
55, 8B, EC, B9, 08, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, B8, 34, 33, 41, 00, E8, 3E, 17, FF, FF, 33, C0, 55, 68, 60, 35, 41, 00, 64, FF, 30, 64, 89, 20, 68, 5C, 2E, 41, 00, 68, 88, 32, 41, 00, 8D, 55, EC, B8, 74, 35, 41, 00, E8, 9D, 7B, FF, FF, 8B, 45, EC, B9, 08, 28, 41, 00, 33, D2, E8, 2E, F3, FF, FF, 8D, 55, E8, B8, 9C, 35, 41, 00, E8, 81, 7B, FF, FF, 8B, 45, E8, E8, D9, 94, FF, FF, 40, 74, 14, BA, B4, 35, 41, 00, B8, C4, 35, 41, 00, E8, BB, DD, FF, FF, E9, 3F, 01, 00, 00, 8D, 55, E4, B8, E0, 35...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
74 KB (75,776 bytes)

Scheduled Task
Task name:
Hoolapp For Android

Trigger:
Daily (Runs daily at 10:33)

