LT_Updater.exe

Local Temperature Updater

Core Systems

LT_Updater.exe is part of an adware web browser extension that delivers advertisements such as coupons, price comparisons, display media, affiliate links, banners, popups/popunders and other links. The application LT_Updater.exe, “Weather System Updater for Local Temperature” by Core Systems, has been detected as adware by 9 anti-malware scanners. It runs as a Windows service in its own process, named “Local Temperature Updater”. This file is typically installed with the program Local Temperature by Core Systems, which is a potentially unwanted software program.
Publisher:
Core Systems  (signed and verified)

Product:
Local Temperature Updater

Description:
Weather System Updater for Local Temperature

Version:
1.0.0.6

MD5:
f785c6af7e0bdad9f05220284720d2fb

SHA-1:
40adf92ea12edecc4c75a8838715597490c01000

SHA-256:
2a4b4f0cdfd53bbb055893a9b86ad486331263eda72c19ce6be949049203b746

Scanner detections:
9 / 68

Status:
Adware

Analysis date:
11/23/2024 8:10:43 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Agent.PMA | 453 |
| Bitdefender | Adware.Agent.PMA | 1.0.20.1560 |
| Emsisoft Anti-Malware | Adware.Agent.PMA | 8.15.11.08.06 |
| F-Secure | Adware.Agent.PMA | 11.2015-08-11_1 |
| G Data | Adware.Agent.PMA | 15.11.25 |
| MicroWorld eScan | Adware.Agent.PMA | 16.0.0.936 |
| Reason Heuristics | PUP.Weather.CoreSystems (M) | 15.11.8.18 |
| Trend Micro House Call | Suspicious_GEN.F47V0328 | 7.2.312 |
| VIPRE Antivirus | Bonzuna | 44236 |

File size:
505 KB (517,160 bytes)

Product version:
1.0.0.6

Copyright:
Copyright (C) 2015

Original file name:
LT_Updater.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\localtemperature\lt_updater.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
6/17/2014 4:26:02 PM

Valid to:
6/17/2015 4:26:02 PM

Subject:
CN=Core Systems, O=Core Systems, L=Austin, S=Texas, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4B1F1B2C0AF57F

File PE Metadata
Compilation timestamp:
5/10/2015 4:14:31 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:kAXtTXqbLlhM92qCH5hKWuLzvLr1AsqCA:xFYlhrvbwzvdLqN

Entry address:
0x2CBF9

Entry point:
E8, 13, 0D, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 78, 3E, 47, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 48, 20, 47, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 78, 3E, 47, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00...

Entropy:
6.3703

Code size:
378.5 KB (387,584 bytes)

Service
Display name:
Local Temperature Updater

Service name:
LTUpdater

Type:
Win32OwnProcess


The file LT_Updater.exe has been discovered within the following program.

Local Temperature by Core Systems
Installs advertising in the browser. From the EULA/Terms: "The free version of the Software is supported by advertising. Accordingly, the Site and the free version of the Software may provide third party content, advertising and services, and links thereto (e.g.
localtemperature.net
68% remove it