updatetask.exe

This file is part of various InstallCore adware bundles. It is designed to run daily and maintain the current state of the installed product(s) offered (mostly unwanted adware) by connecting to a remote server for configuration instructions. The application updatetask.exe has been detected as a potentially unwanted program by 7 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time.
MD5:
e2143181b8e0227498f878ac3d4fafa1

SHA-1:
8d991d5354dda17ed1b29c6ecee9ed734d1e8cc5

SHA-256:
ec7c79f2bf688c014c9a60f4a5d5c4ca041ff008a28106c939fd63c95b146b04

Scanner detections:
7 / 68

Status:
Potentially unwanted

Explanation:
The update task for the InstallCore download manager.

Analysis date:
4/26/2024 1:13:15 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Baidu Antivirus | PUA.Win32.DealPly | 4.0.3.1541 |
| ESET NOD32 | Win32/DealPly.AI potentially unwanted application | 7.0.302.0 |
| Kaspersky | not-a-virus:HEUR:AdWare.Win32.DealPly | 14.0.0.2258 |
| Qihoo 360 Security | HEUR/QVM05.1.Malware.Gen | 1.0.0.1015 |
| Quick Heal | AdWare.DealPly.OD8 | 4.15.14.00 |
| Reason Heuristics | PUP.UpdateProc.Task | 15.4.1.6 |
| Sophos | DealPly Updater | 4.98 |

File size:
482.5 KB (494,080 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Application data\run_dregol\updateproc\updatetask.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:eVZjCv0/xgSxQOtHs9/mI8llRqfHfHfHfAIAvc:888/6SnHy/mDllRqfffCc

Entry address:
0x69010

Entry point:
55, 8B, EC, 83, C4, F0, B8, 70, 8E, 46, 00, E8, 24, DF, F9, FF, A1, 1C, AF, 46, 00, 8B, 00, E8, 20, 2E, FE, FF, B9, 74, D1, 46, 00, A1, 1C, AF, 46, 00, 8B, 00, 8B, 15, A4, 1D, 44, 00, E8, 21, 2E, FE, FF, A1, 74, D1, 46, 00, E8, C7, FD, FF, FF, A1, 1C, AF, 46, 00, 8B, 00, E8, 8B, 2E, FE, FF, E8, BA, B7, F9, FF, 8B, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
416.5 KB (426,496 bytes)

Scheduled Task
Task name:
At1

Path:
C:\WINDOWS\Tasks\At1.job

Trigger:
Daily (Runs daily at 1.10)

Description:
Creato da NetScheduleJobAdd.

