» updatetask.exe
Overview
Analysis
File Details
Behaviors (5)
Network (17)

updatetask.exe

DealPly Technologies Ltd

This is part of various InstallCore adware bundles and is designed to run daily and maintain the current state of the installed product(s) offeres (mostly unwanted adware) by connecting to a remote server for configuration instructions. The application updatetask.exe by DealPly Technologies has been detected as adware by 15 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler named Dealply triggered daily at a specified time.

File name:

updatetask.exe

Publisher:

DealPly Technologies Ltd (signed and verified)

MD5:

591f7c7bde59e71e362699683e91b471

SHA-1:

548957f540e363553dec20afbc4b2ea814d5e17e

SHA-256:

1eaa5e385788f2ce3399fffa3d2ad9df89b063ea5867532d504e00e1148955aa

Scanner detections:

15 / 68

Status:

Adware

Explanation:

The update task for the InstallCore download manager.

Analysis date:

4/20/2024 10:08:46 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Downware.L

1144

AhnLab V3 Security

Adware/Win32.Agent

2013.12.03

Bitdefender

Adware.Downware.L

1.0.20.1690

Bkav FE

W32.Cloda21.Trojan

1.3.0.4562

Boost by Reason

Optional.Task.DealPly.K

188838

Comodo Security

Application.Win32.Dealply.~l

17372

Emsisoft Anti-Malware

Adware.Downware.L

8.13.12.04.08

ESET NOD32

Win32/DealPly

7.9120

Fortinet FortiGate

Adware/Fam.NB

12/4/2013

G Data

Adware.Downware

13.12.22

Malwarebytes

PUP.Optional.DealPly.A

v2013.12.04.08

MicroWorld eScan

Adware.Downware.L

14.0.0.1014

Reason Heuristics

PUP.UpdateProc.Task.K

14.8.7.17

Vba32 AntiVirus

SScope.Trojan.Kriptik.8607

3.12.24.3

VIPRE Antivirus

Trojan.Win32.Generic

23936

File size:

106.1 KB (108,600 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\roaming\dealply\updateproc\updatetask.exe

Digital Signature

Signed by:

DealPly Technologies Ltd

Authority:

COMODO CA Limited

Valid from:

6/14/2012 2:00:00 AM

Valid to:

6/15/2015 1:59:59 AM

Subject:

CN=DealPly Technologies Ltd, O=DealPly Technologies Ltd, STREET=13 Barth St., L=Tel Aviv, S=Israel, PostalCode=69104, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

016DFA78310264827B57EAD4F620C264

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

3072:BTPD9DL7lYBMNywPu70ikC5Nq8P/tnSGuBRRI4OeB:Bh9Yn7eCLpHtnmT0eB

Entry address:

0x14E80

Entry point:

55, 8B, EC, 83, C4, F0, 53, B8, 28, 4E, 41, 00, E8, 43, FD, FE, FF, BB, 4C, 51, 41, 00, 8B, C3, BA, 04, 4F, 41, 00, E8, 8A, EC, FE, FF, 83, 3B, 00, 75, 0C, 8B, C3, BA, 14, 4F, 41, 00, E8, 85, EE, FE, FF, 83, 3B, 00, 74, 0C, 8B, C3, BA, 24, 4F, 41, 00, E8, 74, EE, FE, FF, B8, 50, 51, 41, 00, 8B, 13, E8, 5C, EC, FE, FF, 6A, 00, 68, A8, 4A, 41, 00, 68, D0, 4B, 41, 00, 68, 04, 4C, 41, 00, B9, 30, 4F, 41, 00, 8B, 15, 50, 51, 41, 00, 8B, 03, E8, BD, 72, FF, FF, 5B, E8, EF, EA, FE, FF, 00, 00, 00, FF, FF, FF, FF... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

80 KB (81,920 bytes)

5 Scheduled Tasks

Task name:

Hoolapp Init

Trigger:

Boot (Runs on boot)

Task name:

Dealply

Trigger:

Daily (Runs daily at 14:56)

Action:

updatetask.exe \check

Task name:

DSite

Trigger:

Daily (Runs daily at 20:20)

Task name:

Hoolapp For Android

Trigger:

Daily (Runs daily at 2:27)

Task name:

At1

Path:

D:\WINDOWS\Tasks\At1.job

Trigger:

Daily (Runs daily at 8:27 AM)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to bits-lb.esams.wikimedia.org (91.198.174.202:80)

TCP (HTTP):

Connects to ec2-54-243-240-124.compute-1.amazonaws.com (54.243.240.124:80)

TCP (HTTP):

Connects to ec2-54-243-205-164.compute-1.amazonaws.com (54.243.205.164:80)

TCP (HTTP):

Connects to ec2-23-23-137-245.compute-1.amazonaws.com (23.23.137.245:80)

TCP (HTTP):

Connects to ec2-54-197-227-159.compute-1.amazonaws.com (54.197.227.159:80)

TCP (HTTP):

Connects to bits-lb.eqiad.wikimedia.org (208.80.154.234:80)

TCP (HTTP):

Connects to s3-1-w.amazonaws.com (176.32.100.195:80)

TCP (HTTP SSL):

Connects to geoip-zlb.vips.scl3.mozilla.com (63.245.215.82:443)

TCP (HTTP):

Connects to ec2-54-235-144-60.compute-1.amazonaws.com (54.235.144.60:80)

TCP (HTTP):

Connects to ec2-23-23-169-51.compute-1.amazonaws.com (23.23.169.51:80)

TCP (HTTP):

Connects to ec2-23-23-120-217.compute-1.amazonaws.com (23.23.120.217:80)

TCP (HTTP):

Connects to ec2-23-21-92-35.compute-1.amazonaws.com (23.21.92.35:80)

TCP (HTTP):

Connects to ec2-107-21-203-130.compute-1.amazonaws.com (107.21.203.130:80)

Remove updatetask.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.