epsonnet-print.exe

UpdateStar GmbH

The application epsonnet-print.exe by UpdateStar GmbH has been detected as a potentially unwanted program by 10 anti-malware scanners. This is a setup program which is used to install the application. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.updatestar.com.
Publisher:
UpdateStar GmbH  (signed and verified)

MD5:
f60381d24443299d3bf623a4d39e3345

SHA-1:
3cf4ef095a04baf6e89483b613e3ee3fe9c7e79b

SHA-256:
f31e60125506aa6b46e15a3135baf3301c6f7b272eb7da4d8fc793c04152992b

Scanner detections:
10 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/20/2024 8:30:34 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
7.11.128.170

Dr.Web
Trojan.KillProc.30849
9.0.1.053

ESET NOD32
Win32/InstallCore.JE.gen (variant)
8.9372

Malwarebytes
v2014.02.22.04

McAfee
Artemis!AD5E8193F922
5600.7212

Reason Heuristics
PUP.UpdateStarGmbH.O
14.2.22.4

Rising Antivirus
PE:Malware.XPACK-LNR/Heur!1.5594
23.00.65.14220

Trend Micro House Call
TROJ_GEN.F47V0131
7.2.53

Vba32 AntiVirus
3.12.24.3

VIPRE Antivirus
InstallCore.b
26086

File size:
669 KB (685,056 bytes)

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\epsonnet-print.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
1/2/2013 2:00:00 AM

Valid to:
1/3/2016 1:59:59 AM

Subject:
CN=UpdateStar GmbH, O=UpdateStar GmbH, STREET=Hauptstraße 20, L=Berlin, S=Berlin, PostalCode=10827, C=DE

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009ED227324380B40DDE36C8D31A33831F

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:7vptvVqpPXo+HrdkNuX3MmmJalSXGUhjvmWLVGozhj/OuP/th:7vXvV0ddkz82vJGozhj/3h

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 
[+]

Entropy:
7.7953  (probably packed)

Code size:
37 KB (37,888 bytes)

The file epsonnet-print.exe has been seen being distributed by the following URL.

Remove epsonnet-print.exe - Powered by Reason Core Security