» SoftwareUpdater.Ui.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Network (11)

SoftwareUpdater.Ui.exe

SoftwareUpdater

The executable SoftwareUpdater.Ui.exe has been detected as malware by 5 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. This file is typically installed with the program SoftwareUpdater by One Installer LLC which is a potentially unwanted software program. While running, it connects to the Internet address blob.am5prdstr02a.store.core.windows.net on port 80 using the HTTP protocol.

File name:

Product:

SoftwareUpdater

Description:

Software Updater

Version:

2.4.1.11

MD5:

d26fe6176590b80ae75666bcfa6952e5

SHA-1:

8aceb087e072280db3334879aed942d127f94c40

SHA-256:

91dc5b7b720182d50ab67b82c2e7a49430d6421fe8f89ddc2dc1c237bac3b62f

Scanner detections:

5 / 68

Status:

Malware

Analysis date:

11/23/2024 2:45:54 AM UTC (today)

Scan engine

Detection

Engine version

Baidu Antivirus

HackTool.Win32.Injector

4.0.3.131221

Boost by Reason

Optional.Task.R

188163

Dr.Web

Trojan.DownLoader10.60277

9.0.1.0355

Reason Heuristics

Unnamed.Threat.14

14.3.1.14

Trend Micro House Call

TROJ_GEN.F47V1219

7.2.355

File size:

888.5 KB (909,824 bytes)

Product version:

2.4.1.11

Original file name:

SoftwareUpdater.Ui.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\softwareupdater\softwareupdater.ui.exe

File PE Metadata

Compilation timestamp:

12/18/2013 2:06:13 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

24576:MHyT5pWp6jFTvGlsVAzcLuuuuuuuuuuuuuuuuuuuuuuuuuuuU:r5MojZOlsVAA

Entry address:

0x5596E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

334.5 KB (342,528 bytes)

Scheduled Task

Task name:

Software Updater Ui

Trigger:

Logon (Runs on logon)

The file SoftwareUpdater.Ui.exe has been discovered within the following program.

SoftwareUpdater by One Installer LLC

SoftwareUpdater is the update program which runs on the PC and checks for updates and automatically downloads and installs them if found based on the user's settings.

85% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to s3-3-w.amazonaws.com (54.231.134.2:80)

TCP (HTTP):

Connects to blob.am5prdstr02a.store.core.windows.net (40.68.232.24:80)

Remove SoftwareUpdater.Ui.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.