SwiftSearchAutoUpdateClient.exe

SS AutoUpdate Client

SwiftSearch

The application SwiftSearchAutoUpdateClient.exe by SwiftSearch has been detected as a potentially unwanted program by 3 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered each time a user logs in.
Publisher:
SS (signed by SwiftSearch)

Product:
SS AutoUpdate Client

Version:
1.10.0.25

MD5:
080230e941aa28bd8b746a7fef62224a

SHA-1:
b7f514a82b07032e16129083140f25d89398fd74

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 11:36:06 PM UTC

Scan engine | Detection | Engine version
ESET NOD32 | MSIL/Adware.Vitruvian (variant) | 9.12296
Malwarebytes | PUP.Optional.SwiftSearch | v2015.09.30.01
Reason Heuristics | PUP.SwiftSearch (M) | 16.1.15.8

File size:
64.1 KB (65,616 bytes)

Product version:
1.10.0.25

Copyright:
Copyright (C) 2015

Original file name:
SwiftSearchAutoUpdateClient.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\swiftsearch_1.10.0.25\update\swiftsearchautoupdateclient.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
2/23/2015 10:45:07 PM

Valid to:
2/23/2017 10:45:07 PM

Subject:
E=support@swiftsearchapp.com, CN=SwiftSearch, O=SwiftSearch, L=San Diego, S=CA, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11212243360BF81E92B757E53EF472D24198

File PE Metadata
Compilation timestamp:
9/23/2015 1:41:22 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:T9AaLigcCQEh666666666666WYi65WXmDJ5l/pMenS4:T9AycG666666666666WYSXKJ5HMenr

Entry address:
0xFC5E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
55.5 KB (56,832 bytes)

Scheduled Task
Task name:
SwiftSearch Auto Updater 1.10.0.25 Core

Path:
C:\WINDOWS\Tasks\SwiftSearch Auto Updater 1.10.0.25 Core.job

Trigger:
Logon (Runs on logon)

Description:
SwiftSearch Auto Updater 1.10.0.25 Core


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to ec2-54-244-241-3.us-west-2.compute.amazonaws.com  (54.244.241.3:443)

TCP (HTTP SSL):
Connects to ec2-50-112-101-207.us-west-2.compute.amazonaws.com  (50.112.101.207:443)

TCP (HTTP):
Connects to unallocated.barefruit.co.uk  (92.242.140.20:80)

TCP (HTTP SSL):
Connects to ec2-50-112-118-144.us-west-2.compute.amazonaws.com  (50.112.118.144:443)

TCP (HTTP):
Connects to sayfabulunamadi.com  (93.155.105.142:80)

TCP (HTTP):
Connects to ec2-54-174-111-151.compute-1.amazonaws.com  (54.174.111.151:80)
