SoftwareUpdater.exe

Install Manager

This adware bundler is distributed through Adknowledge's advertising-supported software managers. The application SoftwareUpdater.exe by Install Manager has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Adknowledge Fusion installer. Additionally, the file is typically installed by a number of programs, including Software Updater version 1.8.3 by Air Software and Software Updater version 1.9.5 by Air Software, both potentially unwanted software.
Publisher:
Software Updater  (signed by Install Manager)

Product:
Software Updater

Version:
1.8.4.0

MD5:
2214fcb2addcca4c6a85a3a814ec6fd0

SHA-1:
75c5a98cce8d098c16b8e42c71e6e01b1846f20b

SHA-256:
7ca08b7a4358cbd819f69672b4859fb980779dc08a2f19d89803ecf3def48903

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This installer bundles various adware programs that may include toolbars and web browser advertising injectors/extensions.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
12/25/2024 12:52:08 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallManager.P

Engine version:
14.3.15.19

File size:
1.8 MB (1,934,016 bytes)

Product version:
1.8.4.0

Copyright:
(c) SoftwareUpdater. All rights reserved.

Original file name:
SoftwareUpdater.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\Program Files\software updater\softwareupdater.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
8/6/2013 5:00:00 PM

Valid to:
8/11/2015 5:00:00 AM

Subject:
CN=Install Manager, O=Install Manager, L=Victoria, S=British Columbia, C=CA

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
06C0BBB90999729C33560EC18A203261

File PE Metadata
Compilation timestamp:
3/12/2014 10:42:07 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:azsy/+jyX77sfCwdwdGmGGfUJtNi+9tl5227W0iiJ5iE8YKDd7ut9m/HnY40l:0/+jW773wOGmGtJtNi+9tlwtE8YU7utZ

Entry address:
0x11C5BE

Entry point:
E8, 05, 8D, 00, 00, E9, 89, FE, FF, FF, 3B, 0D, 00, 11, 5A, 00, 75, 02, F3, C3, E9, 8C, 8D, 00, 00, 8B, FF, 51, C7, 01, 60, 1C, 57, 00, E8, 84, 8E, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 90, DB, EF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 83, C1, 09, 51, 83, C0, 09, 50, E8, C3, 8E, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, 6A, 14, 68, B0, 4C, 59, 00, E8, 6C, 2C, 00, 00, 83, 65, FC, 00, FF, 4D, 10, 78, 3A, 8B...
 

Entropy:
6.4312

Code size:
1.3 MB (1,351,680 bytes)

The file SoftwareUpdater.exe has been discovered within the following programs.

This program will download and install additional adware or other unwanted software using the Air Installer, an ad-supported download manager.
software-updater.com/terms
80% remove it
This is part of a download manager software bundle that distributes potentially unwanted software offers. From the privacy policy: "Air Software may provide its users with the opportunity to receive special offers, products and/or services from third parties."
software-updater.com
83% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 193-124-232-198.static.unitasglobal.net  (198.232.124.193:80)

TCP (HTTP):
Connects to li927-122.members.linode.com  (45.56.77.122:80)

TCP (HTTP):
Connects to server-54-230-88-92.ind6.r.cloudfront.net  (54.230.88.92:80)

TCP (HTTP):
Connects to server-54-230-57-249.gru1.r.cloudfront.net  (54.230.57.249:80)

TCP (HTTP):
Connects to server-54-230-45-122.fra6.r.cloudfront.net  (54.230.45.122:80)
