updatetask.exe

Hoolapp

This is part of various InstallCore adware bundles and is designed to run daily and maintain the current state of the installed product offers (mostly unwanted adware) by connecting to a remote server for configuration instructions. The application updatetask.exe by Hoolapp has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler. It is part of the Yontoo-branded browser extension.

Publisher:
Hoolapp (signed and verified)

MD5:
a590a2ef0a1dfcea504557f70f73ca1b

SHA-1:
4a8f742982cbf064141e0dd4b847ecfc1fc9b82c

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo program, which inserts various forms of advertising into the user's web browser and is installed with minimal or no user consent.

Analysis date:
4/16/2024 12:11:30 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.PriceFountain.ICDP

Engine version:
16.10.26.17

File size:
98.5 KB (100,912 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Application data\hoolappforandroid\updateproc\updatetask.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
11/20/2012 5:30:00 AM

Valid to:
11/21/2015 5:29:59 AM

Subject:
CN=Hoolapp, O=Hoolapp, STREET=63 Rothschild Blvd., L=Tel-Aviv, S=NA, PostalCode=65785, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1205B27293082834E7A5D38AE9D121B7

File PE Metadata
Compilation timestamp:
6/20/1992 3:52:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3072:vwzWljMyZpzSR+DU+Qg3ibYVyrz6iI1QJGD/ZNZ:oSdMyZtfDlzoY4rmxzZ

Entry address:
0x1338C

Entry point:
55, 8B, EC, B9, 08, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, B8, 34, 33, 41, 00, E8, 3E, 17, FF, FF, 33, C0, 55, 68, 60, 35, 41, 00, 64, FF, 30, 64, 89, 20, 68, 5C, 2E, 41, 00, 68, 88, 32, 41, 00, 8D, 55, EC, B8, 74, 35, 41, 00, E8, 9D, 7B, FF, FF, 8B, 45, EC, B9, 08, 28, 41, 00, 33, D2, E8, 2E, F3, FF, FF, 8D, 55, E8, B8, 9C, 35, 41, 00, E8, 81, 7B, FF, FF, 8B, 45, E8, E8, D9, 94, FF, FF, 40, 74, 14, BA, B4, 35, 41, 00, B8, C4, 35, 41, 00, E8, BB, DD, FF, FF, E9, 3F, 01, 00, 00, 8D, 55, E4, B8, E0, 35...
 

Entropy:
6.5725

Developed / compiled with:
Microsoft Visual C++

Code size:
74 KB (75,776 bytes)

Scheduled Task
Task name:
At1

Path:
D:\WINDOWS\Tasks\At1.job

Trigger:
Weekly (Runs weekly on Wednesdays at 3:33 PM)

Description:
Created by NetScheduleJobAdd.

