ArcadesafariUpdater.exe

Updater

ArcadeSafari

The application ArcadesafariUpdater.exe by ArcadeSafari has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
ArcadeSafari  (signed and verified)

Product:
Updater

Version:
4.0.322

MD5:
e1c55f2bdaaa2bf7d1156e41afa16aa2

SHA-1:
6dd3ead73c007a066af92bfbee8d901e7c68c806

SHA-256:
ed80fcd87d1beebb708578318bfb40f2829e44cef479ae5fa72f2cfef8ee4afc

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/24/2025 10:48:13 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.EpicPlay.ArcadeSafari (M)

Engine version:
15.8.20.9

File size:
290.5 KB (297,504 bytes)

Product version:
4.0.322

Copyright:
Copyright © ArcadeSafari

Original file name:
ArcadesafariUpdater.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\arcadesafari\arcadesafariupdater.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
11/4/2013 4:00:00 PM

Valid to:
11/5/2015 3:59:59 PM

Subject:
CN=ArcadeSafari, O=ArcadeSafari, L=Irvine, S=california, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
3964C74530D767D333F7A3858FAAB32A

File PE Metadata
Compilation timestamp:
7/28/2015 4:38:21 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:al0WLsBfxqATTd8scHa9cqjkYOpfnwErOZUJ0g+jpvyrCcZ9YT:vxqATDbTf1ErYUK3pvHKm

Entry address:
0x693A

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Entropy:
6.4689

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
18.5 KB (18,944 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a23-54-181-163.deploy.static.akamaitechnologies.com  (23.54.181.163:80)

TCP (HTTP):
Connects to a201-016-134-145.deploy.akamaitechnologies.com  (201.16.134.145:80)

TCP (HTTP):
Connects to a23-55-149-163.deploy.static.akamaitechnologies.com  (23.55.149.163:80)

TCP (HTTP):
Connects to a23-49-133-163.deploy.static.akamaitechnologies.com  (23.49.133.163:80)