LT_Updater.exe

Local Temperature Updater

Core Systems

Part of an adware web browser extension that delivers advertisements such as coupons, price comparisons, display media, affiliate links, banners, popups/popunders and other links. The application LT_Updater.exe, “Weather System Updater for Local Temperature” by Core Systems, has been detected as adware by 9 anti-malware scanners. It runs as a Windows service named “Local Temperature Updater” in its own process. This file is typically installed with the program Local Temperature by Core Systems, which is a potentially unwanted software program.
Publisher:
Core Systems  (signed and verified)

Product:
Local Temperature Updater

Description:
Weather System Updater for Local Temperature

Version:
1.0.0.4

MD5:
a382ae79e7c2bce48e91709c8d95396e

SHA-1:
3b1acf89b5f59a40f6ae4c7e2665b988768ae301

SHA-256:
b7c3bf89cc7677fccb6e36a0b7db920d3138b04a6be83e5f9071aee193ba2836

Scanner detections:
9 / 68

Status:
Adware

Analysis date:
12/24/2024 2:14:53 AM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Agent.PMA
482

Bitdefender
Adware.Agent.PMA
1.0.20.1415

Emsisoft Anti-Malware
Adware.Agent.PMA
8.15.10.10.07

F-Secure
Adware.Agent.PMA
11.2015-10-10_7

G Data
Adware.Agent.PMA
15.10.25

MicroWorld eScan
Adware.Agent.PMA
16.0.0.849

Reason Heuristics
PUP.Weather.CoreSystems (M)
15.10.10.19

Trend Micro House Call
Suspicious_GEN.F47V0402
7.2.283

VIPRE Antivirus
Bonzuna
40758

File size:
481.9 KB (493,480 bytes)

Product version:
1.0.0.4

Copyright:
Copyright (C) 2015

Original file name:
LT_Updater.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\localtemperature\lt_updater.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
6/17/2014 3:26:02 PM

Valid to:
6/17/2015 3:26:02 PM

Subject:
CN=Core Systems, O=Core Systems, L=Austin, S=Texas, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4B1F1B2C0AF57F

File PE Metadata
Compilation timestamp:
3/27/2015 9:06:38 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:JsRvzQ8jKVoheWlIrt9kUbh5+kxaGELv/yxqk:6y0KVo9GbhX10v/ygk

Entry address:
0x2B26F

Entry point:
E8, E1, 00, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 58, DE, 46, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 48, C0, 46, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 58, DE, 46, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00...
 

Entropy:
6.3555

Code size:
359.5 KB (368,128 bytes)

Service
Display name:
Local Temperature Updater

Service name:
LTUpdater

Type:
Win32OwnProcess


The file LT_Updater.exe has been discovered within the following program.

Local Temperature  by Core Systems
Installs advertising in the browser. From the EULA/Terms: "The free version of the Software is supported by advertising. Accordingly, the Site and the free version of the Software may provide third party content, advertising and services, and links thereto (e.g.
localtemperature.net
68% remove it
 