extensionupdaterservice.exe

Bit Cocktail Ltd.

The application extensionupdaterservice.exe by Bit Cocktail has been detected as a potentially unwanted program by 7 anti-malware scanners. It runs as a Windows service named “IB Updater Updater” in its own process. This file is typically installed with the program IB Updater 2.0.0.530 by Perion Network Ltd., which is a potentially unwanted software program.
Publisher:
Bit Cocktail Ltd.  (signed and verified)

MD5:
54e99bfcf960c1299a0e63f77127e5c8

SHA-1:
371f168954b3fdd341b530c4bf9cdf6183cef7a1

SHA-256:
8de21e8482e59b4c79b9f9b28eae46d462e564f3293f1eb9219d33c5e04cea54

Scanner detections:
7 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 2:41:09 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Boost by Reason | Optional.Service.BitCocktail.X | 188163 |
| ESET NOD32 | Win32/Toolbar.BitCocktail (variant) | 7.8768 |
| Malwarebytes | PUP.Optional.SweetPacks.A | v2013.12.24.08 |
| Reason Heuristics | PUP.Service.BitCocktail.X | 14.2.16.5 |
| Sophos | BitCocktail | 4.91 |
| Trend Micro House Call | TROJ_GEN.F47V0320 | 7.2.358 |
| ViRobot | Trojan.Win32.A.Agent.188760 | 2011.4.7.4223 |

File size:
184.3 KB (188,760 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\ib updater\extensionupdaterservice.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
11/12/2012 1:00:00 AM

Valid to:
1/17/2014 12:59:59 AM

Subject:
CN=Bit Cocktail Ltd., O=Bit Cocktail Ltd., L=Herzeliya, S=Herzeliya, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2FF74ED2AFEBAFD72E0750E98DC63C1C

File PE Metadata
Compilation timestamp:
1/29/2013 1:29:49 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:bfXXKEj6X5sZFbUpnhz6tSugLcMGrKln1eLv5YbpHNR:bfqEjUTz6tShLcnWreLibp7

Entry address:
0xAD21

Entry point:
E8, 3A, 57, 00, 00, E9, 79, FE, FF, FF, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 00, 01, 00, 00, 72, 0E, 83, 3D, 20, 12, 42, 00, 00, 74, 05, E9, F1, 57, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA, 01, 75, F6, 8B, 44...
 

Entropy:
6.1372

Code size:
98 KB (100,352 bytes)

2 Services
Display name:
IB Updater Updater

Type:
Win32OwnProcess

Display name:
IB Updater

Type:
Win32OwnProcess


The file extensionupdaterservice.exe has been discovered within the following program.

IB Updater 2.0.0.530  by Perion Network Ltd.
The IB (IncrediBar) Updater Service is designed to keep the Perion IncrediBar web browser toolbar (and other related products) up to date. The IB Updater Service runs in the background and periodically connects to the IncrediBar servers.
www.incredibar.com
80% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (54.231.81.88:80)
