ix_updater.exe

The executable ix_updater.exe has been detected as malware by 8 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler named GboxUpdaterLogonTask triggered to execute each time a user logs in. Additionally, the file is typically installed by a number of programs including WxDFast Updater by Best Application and TheBflix Updater by TheBflix, both potentially unwanted software. The file has been seen being downloaded from www.nlstorage.info. While running, it connects to the Internet address lb-212-254.above.com on port 80 using the HTTP protocol.
MD5:
886535829d76a50ae0c1b605f4d3883f

SHA-1:
6768702d88f1b16f6e7372f31a4f10b1a53f6774

SHA-256:
a0c1e13faaebd7a68ec9993e475bbc7d72376722dcd7e6d6df6e3316db9991a1

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
12/26/2024 5:02:38 AM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Trojan.Win32.GenUpdater
4.0.3.131226

Bkav FE
W32.OnGameNLOAPZAB.Trojan
1.3.0.4246

Dr.Web
Trojan.DownLoad3.7994
9.0.1.0360

ESET NOD32
Win32/GenUpdater
7.8891

Malwarebytes
Trojan.Dropper.H
v2013.12.26.02

McAfee
Artemis!886535829D76
5600.7269

NANO AntiVirus
Trojan.Win32.DownLoad3.tffii
0.26.0.55366

XVirus List
Win.Detected
2.3.31

File size:
204 KB (208,896 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\gboxupdater\ix_updater.exe

File PE Metadata
Compilation timestamp:
6/10/2012 4:05:32 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:mV+8GiDjHicKT1gv4VjgtRfohb0QhBJLXb:xivHic77fohb0q

Entry address:
0x49D4

Entry point:
E8, 28, 4C, 00, 00, E9, 78, FE, FF, FF, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 00, 01, 00, 00, 72, 0E, 83, 3D, 08, 85, 01, 10, 00, 74, 05, E9, E2, 4C, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA, 01, 75, F6, 8B, 44, 24, 08, 5F...
 
[+]

Entropy:
6.3325

Code size:
56 KB (57,344 bytes)

Scheduled Task
Task name:
GboxUpdaterLogonTask

Trigger:
Logon (Runs on logon)

Action:
ix_updater.exe \schedule \profilepath "C:\documents and settings\


The file ix_updater.exe has been discovered within the following programs.

OptimizerPro Updater  by BetterSoft
OptimizerPro is the update program which runs on the PC and checks for updates and automatically downloads and installs them if found. The program is primarily designed to keep the software up to date or provide product upgrades.
77% remove it
TheBflix Updater  by TheBflix
TheBflix Updater is the update program which runs on the PC and checks for updates and automatically downloads and installs them if found based on the user's settings.
83% remove it
WxDFast Updater  by Best Application
wxDownload Fast (also known as wxDFast) is a free/open source download manager. WxDFast Updateris a program designed to manage all installed WxDFast programs on the user's PC and check for and update any new versions of the software if available.
79% remove it
 
Powered by Should I Remove It?

The file ix_updater.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-213-128-72.us-west-2.compute.amazonaws.com  (54.213.128.72:80)

TCP (HTTP):
Connects to lb-212-254.above.com  (103.224.212.254:80)

Remove ix_updater.exe - Powered by Reason Core Security