LT_Updater.exe

Local Temperature Updater

Core Systems

Part of an adware web browser extension that delivers advertisements such as coupons, price comparisons, display media, affiliate links, banners, popups/popunders and other links. The application LT_Updater.exe, “Weather System Updater for Local Temperature” by Core Systems, has been detected as adware by 9 anti-malware scanners. It runs as a Windows service named “Local Temperature Updater”, in the context of its own separate process. This file is typically installed with the program Local Temperature by Core Systems, which is a potentially unwanted software program.
Publisher:
Core Systems  (signed and verified)

Product:
Local Temperature Updater

Description:
Weather System Updater for Local Temperature

Version:
1.0.0.5

MD5:
1066bcb3242545fae73dcc015d9e47c8

SHA-1:
1a028ffbcf222f19c82f12cb7b01b005ed486842

SHA-256:
e02c6efada40a180eafcab427202450ff19f0901058eb4c7f5514d80b93bc248

Scanner detections:
9 / 68

Status:
Adware

Analysis date:
12/24/2024 1:51:18 AM UTC

Scan engine             Detection                    Engine version
Lavasoft Ad-Aware       Adware.Agent.PMA             479
Bitdefender             Adware.Agent.PMA             1.0.20.1430
Emsisoft Anti-Malware   Adware.Agent.PMA             8.15.10.13.09
F-Secure                Adware.Agent.PMA             11.2015-13-10_3
G Data                  Adware.Agent.PMA             15.10.25
MicroWorld eScan        Adware.Agent.PMA             16.0.0.858
Reason Heuristics       PUP.Weather.CoreSystems (M)  15.10.13.21
Trend Micro House Call  Suspicious_GEN.F47V0505      7.2.286
VIPRE Antivirus         Bonzuna                      40816

File size:
505 KB (517,160 bytes)

Product version:
1.0.0.5

Copyright:
Copyright (C) 2015

Original file name:
LT_Updater.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\localtemperature\lt_updater.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
6/18/2014 4:26:02 AM

Valid to:
6/18/2015 4:26:02 AM

Subject:
CN=Core Systems, O=Core Systems, L=Austin, S=Texas, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4B1F1B2C0AF57F

File PE Metadata
Compilation timestamp:
5/5/2015 12:49:56 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:uAXtTXqbLlhM92qCH5hKWuLzvPr1Ns+CD:zFYlhrvbwzvBi+6

Entry address:
0x2CBF9

Entry point:
E8, 13, 0D, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 78, 3E, 47, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 48, 20, 47, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 78, 3E, 47, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00...
 

Entropy:
6.3704

Code size:
378.5 KB (387,584 bytes)

Service
Display name:
Local Temperature Updater

Service name:
LTUpdater

Type:
Win32OwnProcess


The file LT_Updater.exe has been discovered within the following program.

Local Temperature  by Core Systems
Installs advertising in the browser. From the EULA/Terms: "The free version of the Software is supported by advertising. Accordingly, the Site and the free version of the Software may provide third party content, advertising and services, and links thereto (e.g.
localtemperature.net
68% remove it
 
Powered by Should I Remove It?
