updateadmin.exe

Bush Street Installer

The application updateadmin.exe by Bush Street Installer has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is set to start automatically when a user logs into Windows, through an entry in the current user's Run registry key under the display name ‘UpdateAdmin’.
Publisher:
Bush Street Installer  (signed and verified)

Version:
2.1.2103

MD5:
22b986d1ac70836b10ca35ed7d2cadd7

SHA-1:
a865d80dfca6232b7de2fbb48dcacaa1699404ab

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 2:58:48 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Tightrope.DownloadAdmin

Engine version:
17.1.17.16

File size:
382.3 KB (391,439 bytes)

Product version:
2.1.2103

Copyright:
© 2016 All Rights Reserved

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Application data\updateadmin\updateadmin.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
6/9/2016 1:21:38 AM

Valid to:
6/9/2017 1:21:38 AM

Subject:
CN=Bush Street Installer, O=Bush Street Installer, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
008E3B6BA148656CF1

File PE Metadata
Compilation timestamp:
8/11/2016 10:03:48 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0x11DD0

Entry point:
BB, B3, 29, 53, 73, 93, E9, 20, 01, 00, 00, AB, 51, B4, B0, 5C, E0, B4, B0, D4, D1, 37, 34, 34, B4, 34, 34, BF, 34, 34, 34, 93, 65, 6A, 65, 64, 65, 6D, 6B, 6A, 34, 34, 34, A8, 95, AE, 99, 96, 95, A1, 95, 62, 98, A0, A0, 34, 34, 34, 34, 90, 34, 34, 34, 7A, A6, 99, 99, 80, 9D, 96, A6, 95, A6, AD, 34, 77, A6, 99, 95, A8, 99, 78, 9D, A6, 99, 97, A8, A3, A6, AD, 75, 34, 34, 34, 34, 7B, 99, A8, 8B, 9D, A2, 98, A3, AB, A7, 78, 9D, A6, 99, 97, A8, A3, A6, AD, 75, 34, 34, 34, 34, 7B, 99, A8, 81, A3, 98, A9, A0, 99...
 

Code size:
116 KB (118,784 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
UpdateAdmin

Command:
C:\Documents and Settings\{user}\Application data\updateadmin\updateadmin.exe \run

