toolbarupdaterservice.exe

Zugo Ltd

The application toolbarupdaterservice.exe by Zugo has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows service in its own process, named “Updater Service for StartNow Toolbar”. This file is typically installed with the program StartNow Toolbar by StartNow.com, which is a potentially unwanted software program.
Publisher:
Zugo Ltd  (signed and verified)

MD5:
87d6b7229afbba2ea523e28c5137c980

SHA-1:
306998da16e7c5e50c6775dcc23dcba5796d732a

SHA-256:
03badbfdd5522af34f4cbf4418129ed3c1c9227a67805f95e0c34b48ce92ef35

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/12/2024 7:02:53 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Zugo (M)

Engine version:
17.3.13.17

File size:
259.7 KB (265,952 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\startnow toolbar\toolbarupdaterservice.exe

Digital Signature
Signed by:

Authority:
The USERTRUST Network

Valid from:
1/27/2011 7:00:00 PM

Valid to:
1/27/2013 6:59:59 PM

Subject:
CN=Zugo Ltd, O=Zugo Ltd, STREET=PO Box 36, STREET=1st Floor, STREET=37 Broad St., L=St Helier, S=Jersey, PostalCode=JE4 9NU, C=JE

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
46241CDE5C7B500B51C5F1328228F2A9

File PE Metadata
Compilation timestamp:
4/17/2012 9:44:39 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x15667

Entropy:
6.2769

Code size:
157 KB (160,768 bytes)

Service
Display name:
Updater Service for StartNow Toolbar

Description:
The startup of this service enables the periodic checking of software updates for the StartNow Toolbar and the download and installation of such updates if applicable. Disabling this service will stop

Type:
Win32OwnProcess


The file toolbarupdaterservice.exe has been discovered within the following program.

StartNow Toolbar  by StartNow.com
StartNow is a web browser toolbar that changes your homepage and redirects valid searches.
about.startnow.com
79% remove it
 
Powered by Should I Remove It?
