getnowupdater.exe

GetNowUpdater Installer

SIEN Internet Products Ltd

This adware component is disributed via the getnow.com web site which distributed adware bundles run by Appscion, a distribution and monetization divison of SIEN SA. The application getnowupdater.exe by SIEN Internet Products has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the SIEN SuperInstall installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from stapi.getinstall.com.
Publisher:
LiveSoft Action  (signed by SIEN Internet Products Ltd)

Product:
GetNowUpdater Installer

Version:
9.33.1.1

MD5:
b90cc5d411114514f35cf796076fd659

SHA-1:
890248f04b3e6e0bc464efbb66cb3f9a94a43938

SHA-256:
122ae218ec7bc3fb023fb3606ae2d12e2860c3cabf1e726c8ac14549d191f42a

Scanner detections:
13 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/5/2024 2:25:36 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.49
401

AhnLab V3 Security
PUP/Win32.Bundler
2015.08.19

AVG
Generic
2016.0.2879

Bitdefender
Gen:Variant.Application.Bundler.49
1.0.20.1825

Bkav FE
W32.HfsAdware
1.3.0.7062

Dr.Web
Adware.Iminent.26
9.0.1.0365

F-Secure
Gen:Variant.Application.Bundler
11.2015-31-12_5

G Data
Gen:Variant.Application.Bundler.49
15.12.25

MicroWorld eScan
Gen:Variant.Application.Bundler.49
16.0.0.1095

Panda Antivirus
PUP/GetNowUpdater.A
15.12.31.10

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.GetNow.Sien.Bundler (M)
15.12.31.10

VIPRE Antivirus
Trojan.Win32.Generic
41262

File size:
1.3 MB (1,409,584 bytes)

Product version:
9.33.1.1

Copyright:
(c) Live Soft Action. All rights reserved.

Original file name:
GNUBootstrapper.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
SIEN SuperInstall

Language:
English (United States)

Common path:
C:\users\{user}\downloads\getnowupdater.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
2/2/2015 8:13:19 AM

Valid to:
2/3/2016 8:13:19 AM

Subject:
CN=SIEN Internet Products Ltd, O=SIEN Internet Products Ltd, L=London, C=GB

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121B83795C783CB891BECAAAEEF4B5E1F5B

File PE Metadata
Compilation timestamp:
8/10/2015 3:43:08 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:UGEWcTm9BGzBT8KbsUMmOrRtJTihxJT91Yy6kFaKuds:Usi58K+brl03T91OKuds

Entry address:
0x1EEC3

Entry point:
E8, 33, F1, 00, 00, E9, 7F, FE, FF, FF, 3B, 0D, 7C, 98, 53, 00, 75, 02, F3, C3, E9, 83, F2, 00, 00, 55, 8B, EC, 8B, 45, 0C, 83, EC, 20, 56, 57, 6A, 08, 59, BE, BC, 85, 50, 00, 8D, 7D, E0, F3, A5, 8B, 4D, 08, 5F, 5E, 85, C0, 74, 0D, F6, 00, 10, 74, 08, 8B, 01, 8B, 40, FC, 8B, 40, 18, 89, 4D, F8, 89, 45, FC, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 80, 71, 50, 00, C9, C2, 08, 00, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F...
 
[+]

Entropy:
6.8113

Code size:
1 MB (1,072,640 bytes)

The file getnowupdater.exe has been seen being distributed by the following URL.

Remove getnowupdater.exe - Powered by Reason Core Security