extensionupdaterservice.exe

Bit Cocktail Ltd.

The application extensionupdaterservice.exe by Bit Cocktail has been detected as a potentially unwanted program by 7 anti-malware scanners. It runs as a Windows service named “IB Updater” in its own process. This file is typically installed with the program IB Updater 2.0.0.530 by Perion Network Ltd., which is a potentially unwanted software program.
Publisher:
Bit Cocktail Ltd.  (signed and verified)

MD5:
cedb27baca286f063c3a11d44af530ae

SHA-1:
d9497edfe3b5e102a7bc46a2039721dff803ab34

SHA-256:
3fc6084a7ad4218e47396f200ebd834c28594116cf8662d653c4b81ecd27ce17

Scanner detections:
7 / 68

Status:
Potentially unwanted

Analysis date:
11/25/2024 8:27:18 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Boost by Reason | Optional.Service.BitCocktail.X | 188163 |
| ESET NOD32 | Win32/Toolbar.BitCocktail (variant) | 7.9190 |
| Malwarebytes | PUP.Optional.SweetPacks.A | v2013.12.19.11 |
| McAfee | Artemis!CEDB27BACA28 | 5600.7277 |
| Reason Heuristics | PUP.Service.BitCocktail.X | 14.3.2.11 |
| Sophos | BitCocktail | 4.96 |
| ViRobot | Trojan.Win32.A.Agent.188760 | 2011.4.7.4223 |

File size:
184.3 KB (188,760 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\ib updater\extensionupdaterservice.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
11/12/2012 2:00:00 AM

Valid to:
1/17/2014 1:59:59 AM

Subject:
CN=Bit Cocktail Ltd., O=Bit Cocktail Ltd., L=Herzeliya, S=Herzeliya, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2FF74ED2AFEBAFD72E0750E98DC63C1C

File PE Metadata
Compilation timestamp:
1/29/2013 2:28:50 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:zfXXKEj6X5sZFbUpnhz6tSugLcMGrKRH1MLv5YbpHNE:zfqEjUTz6tShLcnWXMLibpi

Entry address:
0xAD21

Entry point:
E8, 3A, 57, 00, 00, E9, 79, FE, FF, FF, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 00, 01, 00, 00, 72, 0E, 83, 3D, 20, 12, 42, 00, 00, 74, 05, E9, F1, 57, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA, 01, 75, F6, 8B, 44...
 

Entropy:
6.1372

Code size:
98 KB (100,352 bytes)

Service
Display name:
IB Updater

Type:
Win32OwnProcess


The file extensionupdaterservice.exe has been discovered within the following program.

IB Updater 2.0.0.530  by Perion Network Ltd.
The IB (IncrediBar) Updater Service is designed to keep the Perion IncrediBar web browser toolbar (and other related products) up to date. The IB Updater Service runs in the background and periodically connects to the IncrediBar servers.
www.incredibar.com
80% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (54.231.81.160:80)
