updatetask.exe

MY POP SHOP LTD

This file is part of various InstallCore adware bundles. It is designed to run daily and maintain the current state of the installed product(s) offered (mostly unwanted adware) by connecting to a remote server for configuration instructions. The application updatetask.exe by MY POP SHOP has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a scheduled task named PennyBee under the Windows Task Scheduler, triggered daily at a specified time. This file is typically installed with the program PennyBeeUpdate by DealPly Technologies Ltd, which is a potentially unwanted software program.
Publisher:
MY POP SHOP LTD  (signed and verified)

MD5:
920cd568bd84e7fa5fbdaacafde69457

SHA-1:
ec66992cc522e6a0237d5bfd11bb2df4f40b1e37

SHA-256:
b9b51554212b5ca1e3b7695ed39eb92d032eba7e805bdb5f1ffcf08dfbf2276c

Scanner detections:
1 / 68

Status:
Adware

Explanation:
The update task for the InstallCore download manager.

Analysis date:
5/5/2024 9:56:44 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.UpdateProc.Resoft (M)

Engine version:
16.6.4.0

File size:
140 KB (143,368 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\pennybee\updateproc\updatetask.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/22/2014 7:00:00 AM

Valid to:
7/23/2015 6:59:59 AM

Subject:
CN=MY POP SHOP LTD, O=MY POP SHOP LTD, STREET=14 Shenkar Arie, L=HERZLIYA, S=NA, PostalCode=46725, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B739C4F756EE55FB750952CE570BE48B

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3072:cTbjSmbj18hESa9gvuOs8pheVzIB3WdLGij:ceej1wPj2Ofpcjhj

Entry address:
0x18D2C

Entry point:
55, 8B, EC, 83, C4, F0, B8, D4, 8C, 41, 00, E8, 70, BF, FE, FF, 6A, 00, 68, F0, 88, 41, 00, 68, 44, 8A, 41, 00, 68, 78, 8A, 41, 00, B9, 70, 8D, 41, 00, BA, 8C, 8D, 41, 00, B8, 8C, 8D, 41, 00, E8, 5F, 53, FF, FF, E8, 5A, AD, FE, FF, 00, 00, FF, FF, FF, FF, 13, 00, 00, 00, 72, 63, 2C, 2B, 72, 72, 65, 64, 73, 67, 6E, 70, 29, 61, 6E, 68, 75, 2B, 42, 00, FF, FF, FF, FF, 08, 00, 00, 00, 50, 65, 6E, 6E, 79, 42, 65, 65, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.2187

Developed / compiled with:
Microsoft Visual C++

Code size:
95.5 KB (97,792 bytes)

Scheduled Task
Task name:
PennyBee

Trigger:
Daily (Runs daily at 7:52)


The file updatetask.exe has been discovered within the following programs.

PennyBeeUpdate  by DealPly Technologies Ltd
PennyBee (DealPly) is a potentially unwanted adware program that injects ads into the user's browser. This includes inserting advertisements, banners, coupons or text links that would not otherwise appear into web pages, or displaying them over parts of existing web pages.
pennybee.com
80% remove it
 