» updatetask.exe
Overview
Analysis
File Details
Behaviors (1)

updatetask.exe

Hoolapp

This is part of various InstallCore adware bundles and is designed to run daily and maintain the current state of the installed product(s) offeres (mostly unwanted adware) by connecting to a remote server for configuration instructions. The application updatetask.exe by Hoolapp has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is the uninstaller utility registered in the Windows Control Panel for the program Hoolapp For Android. It is part of the Yontoo branded browser-extension.

File name:

updatetask.exe

Publisher:

Hoolapp (signed and verified)

MD5:

9ae511ad4f21815341c658675e4a2bd5

SHA-1:

c2718f64d78d56f8ecab43bb841b4bbed1a36ee4

SHA-256:

924b14dd578bc2a5cf4ff4e5e74ed5ea089a393e4798fe15576b3980d31089a5

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Belongs to the Sambreel/Yontoo progam that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:

4/24/2024 1:24:41 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.PriceFountain.ICDP

16.10.26.17

File size:

97 KB (99,376 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\roaming\hoolappforandroid\updateproc\updatetask.exe

Digital Signature

Signed by:

Hoolapp

Authority:

COMODO CA Limited

Valid from:

11/20/2012 12:00:00 AM

Valid to:

11/20/2015 11:59:59 PM

Subject:

CN=Hoolapp, O=Hoolapp, STREET=63 Rothschild Blvd., L=Tel-Aviv, S=NA, PostalCode=65785, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

1205B27293082834E7A5D38AE9D121B7

File PE Metadata

Compilation timestamp:

6/19/1992 11:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

3072:bezJ4S54Hu+m+b+09r42EEWbeqZPc9GD/w8N5:SNT54OcSSKEWbesd5

Entry address:

0x12D58

Entry point:

55, 8B, EC, B9, 0E, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, B8, 00, 2D, 41, 00, E8, 13, 1D, FF, FF, 33, C0, 55, 68, 9B, 2F, 41, 00, 64, FF, 30, 64, 89, 20, 68, 40, 28, 41, 00, 68, 6C, 2C, 41, 00, 8D, 55, EC, B8, B0, 2F, 41, 00, E8, AE, 81, FF, FF, 8B, 45, EC, B9, EC, 21, 41, 00, 33, D2, E8, 47, F3, FF, FF, 8D, 55, E4, B8, 01, 00, 00, 00, E8, 32, F9, FE, FF, 8B, 45, E4, 8D, 55, E8, E8, BF, 92, FF, FF, 8B, 45, E8, 50, 8D, 55, DC, B8, D8, 2F, 41, 00, E8, 76, 81, FF, FF, 8B, 45, DC, 8D, 55, E0, E8, A3, 92, FF... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

72.5 KB (74,240 bytes)

Program Uninstaller

Program name:

Hoolapp For Android

Uninstall string:

C:\users\{user}\appdata\roaming\hoolappforandroid\updateproc\updatetask.exe \uninstall

Remove updatetask.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.