updatetask.exe

This file is part of various InstallCore adware bundles. It is designed to run daily and maintain the current state of the installed product offers (mostly unwanted adware) by connecting to a remote server for configuration instructions. The application updatetask.exe has been detected as adware by 8 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time.
MD5:
358b6a665afc38d13206ba554abcac4b

SHA-1:
a23cd5a8823e8442e6f2fb457bc814a71a490a05

SHA-256:
acfb2c664888cf2e3cf4cee3720760b3f5de03cdd0e12bd5ce4d7dc1d3c7370e

Scanner detections:
8 / 68

Status:
Adware

Explanation:
The update task for the InstallCore download manager.

Analysis date:
4/18/2024 5:19:23 PM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | PUA.Win32.DealPly | 4.0.3.1536
ESET NOD32 | Win32/DealPly.AI potentially unwanted application | 7.0.302.0
Kaspersky | not-a-virus:HEUR:AdWare.Win32.DealPly | 15.0.0.543
McAfee | GenericR-DCB!358B6A665AFC | 5600.6835
Qihoo 360 Security | Win32/Virus.Adware.520 | 1.0.0.1015
Reason Heuristics | PUP.UpdateProc.Task | 15.3.6.5
Sophos | PUA 'DealPly Updater' | 5.11
SUPERAntiSpyware | Adware.DealPly/Variant | 10015

File size:
462 KB (473,088 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\wse_binkiland\updateproc\updatetask.exe

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:U4BzdVN091yEOSi8Cebhv0jSRJF0MmTjOPgz:5B7S3yEHCyhvHJbe

Entry address:
0x66620

Entry point:
55, 8B, EC, 83, C4, F0, B8, 80, 64, 46, 00, E8, 08, 09, FA, FF, A1, 1C, 7F, 46, 00, 8B, 00, E8, 04, 58, FE, FF, B9, 74, A1, 46, 00, A1, 1C, 7F, 46, 00, 8B, 00, 8B, 15, 98, 1D, 44, 00, E8, 05, 58, FE, FF, A1, 74, A1, 46, 00, E8, C7, FD, FF, FF, A1, 1C, 7F, 46, 00, 8B, 00, E8, 6F, 58, FE, FF, E8, B2, E1, F9, FF, 8B, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.6346

Developed / compiled with:
Microsoft Visual C++

Code size:
406 KB (415,744 bytes)

Scheduled Task
Task name:
Wse_binkiland

Trigger:
Daily (Runs daily at 5:13 AM)

Action:
updatetask.exe \check

