extensionupdaterservice.exe

Fedorov Paul

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application extensionupdaterservice.exe by Fedorov Paul has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a separate Windows service (within the context of its own process) named “Update Service for Gigabase”.
Publisher:
Fedorov Paul  (signed and verified)

MD5:
91f7ae81d3c926d19d472d011cb49f69

SHA-1:
edd9e387bbfd9142df89f7c595813eca551b6e40

SHA-256:
4a5c24fc3b667e61bbe80c36f9c79846c4503439a55ef386b265b6487698bb12

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/27/2024 1:24:22 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Webpick (M)

Engine version:
17.2.14.20

File size:
302.6 KB (309,853 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\gigabase\basement\extensionupdaterservice.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
8/28/2012 6:00:00 AM

Valid to:
8/29/2013 5:59:59 AM

Subject:
CN=Fedorov Paul, OU=Individual Developer, O=No Organization Affiliation, L=Saint-Petersburg, S=Saint-Petersburg, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
702D4055EE5CC734192DCBDFFE7AE8E1

File PE Metadata
Compilation timestamp:
6/7/2013 4:46:24 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0xF312

Entry point:
E9, 14, 6E, FF, FF, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 6A, 0A, 6A, 00, FF, 75, 08, E8, D2, 68, 00, 00, 83, C4, 0C, 5D, C3, 8B, FF, 55, 8B, EC, 5D, E9, DF, FF, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, C6, 46, 0C, 00, 85, C0, 75, 63, E8, D5, 28, 00, 00, 89, 46, 08, 8B, 48, 6C, 89, 0E, 8B, 48, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, 78, 7D, 42, 00, 74, 12, 8B, 0D, 94, 7C, 42, 00, 85, 48, 70, 75, 07, E8, 3F, 72, 00, 00, 89, 06, 8B, 46, 04, 3B, 05, 98, 7B, 42, 00, 74, 16, 8B, 46, 08, 8B, 0D, 94, 7C, 42...
 

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
125.5 KB (128,512 bytes)

Service
Display name:
Update Service for Gigabase

Type:
Win32OwnProcess

