LT_Updater.exe

Local Temperature Updater

Core Systems

LT_Updater.exe is part of an adware web browser extension that delivers advertisements such as coupons, price comparisons, display media, affiliate links, banners, popups/popunders and other links. The application LT_Updater.exe, “Weather System Updater for Local Temperature” by Core Systems, has been detected as adware by 9 anti-malware scanners. It runs as a Windows service named “Local Temperature Updater” in its own separate process. This file is typically installed with the program Local Temperature by Core Systems, which is a potentially unwanted software program.

Publisher:
Core Systems  (signed and verified)

Product:
Local Temperature Updater

Description:
Weather System Updater for Local Temperature

Version:
1.0.0.6

MD5:
65ca68386c423521eec0e3944a52db3f

SHA-1:
08215eb06551d320406e87f24e79daab20beb2be

SHA-256:
bd9f7f6c9b5e5cd2977d202f002f527b06e7791ec5af371291a040ad208260b0

Scanner detections:
9 / 68

Status:
Adware

Analysis date:
11/23/2024 7:36:56 AM UTC

Scan engine              Detection                      Engine version
Lavasoft Ad-Aware        Adware.Agent.PMA               415
Bitdefender              Adware.Agent.PMA               1.0.20.1755
Emsisoft Anti-Malware    Adware.Agent.PMA               8.15.12.17.03
F-Secure                 Adware.Agent.PMA               11.2015-17-12_5
G Data                   Adware.Agent.PMA               15.12.25
MicroWorld eScan         Adware.Agent.PMA               16.0.0.1053
Reason Heuristics        PUP.Weather.CoreSystems (M)    15.12.17.3
Trend Micro House Call   Suspicious_GEN.F47V0328        7.2.351
VIPRE Antivirus          Bonzuna                        39130

File size:
505 KB (517,160 bytes)

Product version:
1.0.0.6

Copyright:
Copyright (C) 2015

Original file name:
LT_Updater.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\localtemperature\lt_updater.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
6/17/2014 3:26:02 PM

Valid to:
6/17/2015 3:26:02 PM

Subject:
CN=Core Systems, O=Core Systems, L=Austin, S=Texas, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4B1F1B2C0AF57F

File PE Metadata
Compilation timestamp:
5/10/2015 3:14:31 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:/AXtTXqbLlhM92qCH5hKWuLzvLr1AsqC8:oFYlhrvbwzvdLqR

Entry address:
0x2CBF9

Entry point:
E8, 13, 0D, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 78, 3E, 47, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 48, 20, 47, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 78, 3E, 47, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00...

Entropy:
6.3704

Code size:
378.5 KB (387,584 bytes)

Service
Display name:
Local Temperature Updater

Service name:
LTUpdater

Type:
Win32OwnProcess


The file LT_Updater.exe has been discovered within the following program.

Local Temperature by Core Systems
Installs advertising in the browser. From the EULA/Terms: "The free version of the Software is supported by advertising. Accordingly, the Site and the free version of the Software may provide third party content, advertising and services, and links thereto (e.g.
localtemperature.net