javaupdate.exe

Blueis

This is the Tightrope WebInstall which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application javaupdate.exe by Blueis has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the Tightrope WebInstall installer. With this installer, users are expecting to download the free Oracle Java Runtime but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Blueis  (signed and verified)

MD5:
654d00911221b0a8bc5a33c8952a9d21

SHA-1:
2feba74e500fd2721b3a0c8184b0f435e7b61509

SHA-256:
93461f2f5dc3d5d1e36fd4c48cf848665b11f23c7445f376f37823e94b5d2090

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/28/2024 12:36:30 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:DownloadAdmin-H [PUP]
2014.9-150830

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Trojan.Vittalia.27
9.0.1.0242

ESET NOD32
Win32/DownloadAdmin.I potentially unwanted application
9.7.0.302.0

F-Secure
Adware:W32/WebInstallBundle
11.2015-30-08_1

herdProtect (fuzzy)
2015.8.30.12

Malwarebytes
PUP.Optional.DownloadAdmin.A
v2015.08.30.12

NANO AntiVirus
Trojan.Win32.XPACK.dprfbr
0.30.10.952

Reason Heuristics
PUP.Tightrope.Blueis.Bundler (M)
15.7.27.21

VIPRE Antivirus
Threat.4783369
36694

Zillya! Antivirus
Downloader.Agent.Win32.239245
2.0.0.2132

File size:
651.3 KB (666,976 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Tightrope WebInstall (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\javaupdate.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/6/2014 6:00:00 PM

Valid to:
11/7/2015 5:59:59 PM

Subject:
CN=Blueis, O=Blueis, L=SAN FRANCISCO, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
58AC2B1B2E1E80F003ECEE0F41F4124A

File PE Metadata
Compilation timestamp:
1/29/2015 12:35:11 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:vKCFG+pl1Hp7p4ZkuRt4Zh3UdOxouSdWE7uglrB/jmN7Trkfcn+ze:v3Xxp4Zkuf47kdtdZ7uC/jmlrDn+ze

Entry address:
0x234A

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 78, 73, 40, 00, 33, F6, C6, 44, 24, 14, 20, E8, F8, FD, FF, FF, FF, 15, 30, 77, 40, 00, 68, 01, 80, 00, 00, FF, 15, C0, 70, 40, 00, 53, FF, 15, 2C, 77, 40, 00, 6A, 08, A3, 98, 3D, 42, 00, E8, DD, F9, FF, FF, 53, 68, 60, 01, 00, 00, A3, A0, 3C, 42, 00, 8D, 44, 24, 38, 50, 53, 68, 0B, 74, 40, 00, FF, 15, 50, 71, 40, 00, 68, 00, 74, 40, 00, 68, A0, 34, 42, 00, E8, 5A, F3, FF, FF, FF, 15, BC, 70, 40, 00, 50, BF, 00, 90, 42, 00, 57...
 
[+]

Entropy:
7.9728

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file javaupdate.exe has been seen being distributed by the following URL.

Remove javaupdate.exe - Powered by Reason Core Security