crxupdater_d.exe

Visual Tools

The application crxupdater_d.exe by Visual Tools has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program will display context-specific advertisements in the browser and attempt to modify the browser's search provider. It is also typically executed from the user's temporary directory.
Publisher:
Visual Tools  (signed and verified)

MD5:
ed162ff58591a1482749fb412edfa472

SHA-1:
f1642e5cabbbd622ad7d0434c3c5ab74144adf2d

SHA-256:
cffea53706f492824c73ed7bf09950552dcf6ba4b16498f9951a93e9ca184308

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/24/2024 12:00:04 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.Babylon (M)

Engine version:
17.3.13.2

File size:
167 KB (170,992 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\crxupdater_d.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
1/10/2013 1:00:00 AM

Valid to:
1/11/2015 12:59:59 AM

Subject:
CN=Visual Tools, O=Visual Tools, L=Belgrade, S=Serbia, C=RS

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
789958B0264F06055619270074AFA61F

File PE Metadata
Compilation timestamp:
9/3/2013 9:43:22 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0xC817

Entry point:
E8, 4D, 6E, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 68, 00, 42, 00, E8, 73, 12, 00, 00, E8, 95, 0B, 00, 00, 0F, B7, F0, 6A, 02, E8, E0, 6D, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, EC, 26, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Code size:
94.5 KB (96,768 bytes)
