updatechecker.exe

QUICK IDEAS, S.L.

The application updatechecker.exe by QUICK IDEAS, S.L has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. The file has been seen being downloaded from www.giftvaultnow.com and multiple other hosts.
Publisher:
QUICK IDEAS, S.L.  (signed and verified)

MD5:
17277c52e48ed4f0dd449c9441e05863

SHA-1:
0ddbc7e71aab6167e19e63146d6f01ce9ddac7fa

SHA-256:
2efdfbf585396a4f688611ce060cf8035abb34542ec40c3ee3e32a61add42d3d

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Analysis date:
12/27/2024 6:02:00 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Vittalia.QUICKIDEAS.Installer (M)
16.1.15.12

Trend Micro House Call
TROJ_GEN.R0C1H05K314
7.2.27

File size:
81.4 KB (83,360 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Common path:
C:\users\{user}\downloads\updatechecker.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
11/19/2013 5:50:57 PM

Valid to:
11/19/2014 5:50:57 PM

Subject:
CN="QUICK IDEAS, S.L.", O="QUICK IDEAS, S.L.", L=Madrid, S=Madrid, C=ES

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
27D76F50DDF2FF

File PE Metadata
Compilation timestamp:
1/5/2012 7:21:36 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
1536:ll1u4wYQzaWUqRNIk6MbklLsv1Q79wotCJJ4Romu/F1leeKb:llU4wBzaWRRu38YLsdQGlJJ45Slehb

Entry address:
0x4131

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 43, 43, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 44, 43, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 44, 43, 00, 56, A3, F4, 27, 43, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8B, 3B, 00, 00, A3, 50, 28, 43, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A9, B2, 40, 00, FF, 15, AC, 44, 43, 00, 83, EC, 14, C7, 44, 24, 04, AA, B2, 40, 00, C7...
 
[+]

Code size:
33.5 KB (34,304 bytes)

The file updatechecker.exe has been seen being distributed by the following 22 URLs.

http://www.giftvaultnow.com/DlEeY402opsvu3QKx3YOCh9AN1FrDcQG5LfJFzDXAkMBh028yJDj8WtD8CvYUKpwa1fJ_Kd8XhIgVidkr4N04_ yYJR_ZRuHmvxQCc4FvWKPIVhbJU5Fovbga5TatX3iADiTX5qA6FAO4HqV09lGFnYrHNZXM_iMPnwfMvEfiHq2ssn31vdR1c_hSm2ZdqiLtHTCLLO6-GzsAAATKbbHtW1ooyoEWHZvCwCEHDt9FEmwLgIKNsbNFoXzjm5SdO3Y92gff0Y 5NMTIg0DUIo0G

http://www.giftvaultnow.com/dVodvSlT5sqImPZkpSp4HrffRNc4xZfMXhmmirkhsO0FofLyXrDdx_xSWyLx38eikuWUkzDq89w9 5IGivscQ1Eyc1XBEPIBfRjj5CgpztklGVjYb2brD0utfhVmSLLfn93G_sJhqpZhOI9_iLreGzOCdA4i3lQtnXePPcgsMhrUu89xlDCgETa5M0RH497wSAjXY7u7-GzoAAEQ3F9vWkiGdcaOogj845MDhu0iCbYFQsDF2tiiUb3xThTvdU459n7rDiePcYWgBoGkpoRU=

http://res.nobistex.com/cache/upch/.../UpdateChecker.exe

http://www.giftvaultnow.com/9w9KesRuszYoJOY3gOG4JGKJATsVivt2Y_0pN54E O4ko2aPdIRTkcLTJGaHF5IT_a6SQT1BCML9rMXSgVcM1 B0CAsrD7Em3OLXvrjNy9qi4xVWwNTnYmuBZYy7upGN6NKKKitiWnH 30bmFtveeAoyvizpZrS8c lhHWg80VwUXwDgpG4=-GzsAAATKbbHtW1ooyoEWHZvCwCEHDt9FEmwLgIKNsbNFoXzjm5SdO3Y92gff0Y 5NMTIg0DUIo0G

http://www.giftvaultnow.com/LkoHN4XPQld1oqgFu55bQBeOaQunri74ptsj0BK9Pq4RCIt6NZOJ405cXuiDOc35SE_z_VYkKQ4R yXdQ8tL 1QSLGKliEdFHKYw7GzZ3KrzTlsSv7OuTn2oZkLNLtvLoaDiNrh2NQXowzS5vEpzluysH1ybahCTsNsmj97ybQwbHogDEfg=-GzsAAATKbbHtW1ooyoEWHZvCwCEHDt9FEmwLgIKNsbNFoXzjm5SdO3Y92gff0Y 5NMTIg0DUIo0G

http://www.giftvaultnow.com/PNIFSvO9PKPoeIaV5qelhhOMOmk7WYNVvV2PYjzbt4y9Xi780efve5fhEbrKnJ8u0OalqDsWN_1bEc6MSqAfjMjcKJmxrbEZzUuSU1MS4XCN1MachWJjCgje4YgMYDhb98dguMMvW4cVQ1xvnxVN7_ai7ggbEEfHn7BkhLUGCIH_9GNBdEod4aW7MASEve2QG h0X5ZA-GzsAAATKbbHtW1ooyoEWHZvCwCEHDt9FEmwLgIKNsbNFoXzjm5SdO3Y92gff0Y 5NMTIg0DUIo0G

http://www.giftvaultnow.com/G fUK5CVH6czE3JuNpCHjyIa3dqRNsc1DIs_kKMguVUpvoLL6OE4vdXKyo89txlc7qcxeh7j6BDxWNbnHfnJswqODvJrJS Qf m7BkhUMLYhN7Ua1HIIzd0laxdPNizkODuxIUhgU6OfYqzZyH6xDwo8HMShyHAqwuPFgoBJUBavd_0qGjCyNoewB_L4teK_KIC4KQLv-GzsAAATKbbHtW1ooyoEWHZvCwCEHDt9FEmwLgIKNsbNFoXzjm5SdO3Y92gff0Y 5NMTIg0DUIo0G

http://www.hostingflashmeta.com/WVl6OTRQWFp0U0dwd2IyMDJVM1pSVEhCb1VYaFdXR2RSYUVsRlQzQmhjMnh3T1ZSeFJUaDFjVVlsTWtadmNuWnNPQ1V6UkNaalBWa2xNa1ptT1ZWTU5rZEVPRm81ZUVwbFpHZEJkRTQ1TmxONGVYaFlURTkzZEcxUk5YUTBaMlU0Y0VSaFFtZ2xNa1pEVDFwR1JVNVJabXRDUkU5bFJFcHhlRmRQTjA4NGRVaGFjWEJ6VWxoRU1ucFFUVTFsVUc5ck1HMXplVU5qUjJwUU4xbFRSVE5OYUV4c1NtRklPV1puWVdJeWJqUWxNa0k0VGpSSFpFSlJaWFIwU2s1UU1tdHBjMlJGV1Rsc1JrYzRZWFZMVUVkdVN6RjBVU1V6UkNVelJDWmxQVEVtWm1Gc2JHSmhZMnRmZFhKc1BXaDBkSEFsTTBFbE1rWWxNa1p5WlhNdVpXMXBiRzR1WTI5dEpUSkdZMkZqYUdVbE1rWjFjR05vSlRKR1ptbHlaV1p2ZUNVeVJsVndaR0YwWlVOb1pXTnJaWEl1WlhobA==

http://www.giftvaultnow.com/gKRSa9b_sFau_LBegnltsSzsSsIlJzc7_TdVamBGwHjoqdEqCjqeBA7eTfjaO2RYdgQiQj5hFZUih5xKGoWrFNEG n jXT G6rTFaBcrPj8PI3LzZBqhVrkWVLSbjrqMGewPDUM2wVMxK5O5S77PAfBmmO3N8HodkLueZTd8sEHtggZgMpPNdxoPF8ILEmx9 nHDSmPIlE6gcjUgj_PS0uUfRitiwb5GTbzMWvmBWHs3x5tUWRf9S7ar 78D CaGBAdweWSRpuvqx0X5sUyFxt8dqfQAJg==-GzsAAATKbbHtW1ooyoEWHZvCwCEHDt9FEmwLgIKNsbNFoXzjm5SdO3Y92gff0Y 5NMTIg0DUIo0G

http://www.giftvaultnow.com/2SsYBa5KOJFWgVAUIz 5xqvDii9JCieYXfNjLMD759bcKDNAqveSdRWrEdBtK4Mr4l1TmUBrgM2S5WH8pabRmeoW isb4aHAFWjmnI2U6e5L9uZuGQZUE 5gU 3SR5SoznQMdspoJ7OeWW 7997hhY5OalbbShWGab4nZPzYlLuA4YcRZTU7ofg2ar5mwWPPpCEzl1RqmPgePsuiwpSFqMntkTE7cZOUoDFYLomzGAfWxs5dyJyZa0515H7IMpH97zmto4qD5vlFQHOJwWwnvR16z s yzPZj2_SS 0sh1ELsGdLROY=-GzsAAATKbbHtW1ooyoEWHZvCwCEHDt9FEmwLgIKNsbNFoXzjm5SdO3Y92gff0Y 5NMTIg0DUIo0G-E

http://www.giftvaultnow.com/Wfy9FqcyL72FLFWmUFBBHZXObzVZ0yv_yyU0_suAQURfxUEKDuSdpb88HHjPzjOuWBt7ZnIv2aszT5PAYCtGKZsLQbSXEQ81NmEL2CqUTT7nrABI6L65cg7tx1KPBH9TpSJWPujVkx5SyUaFAdo21LR1HdiIcVAnm_gkKKb0Si2ZMvw4cl4=-GzsAAATKbbHtW1ooyoEWHZvCwCEHDt9FEmwLgIKNsbNFoXzjm5SdO3Y92gff0Y 5NMTIg0DUIo0G

http://www.giftvaultnow.com/D9 d4VI5sUhCcdGn_gGpNaB lOGcrU aptPXxoNPFfqMZUFQpalFbDyWanxBq5NUyrT0EKq24gngp0mJw5jog1kwmson_YzfFFc1suhRbn6Co5rEROrLX4A8ztYXdWezhDPiIwyviBrevu6hL9QDK4mueHIY_3YTVhigobJ85ecqokF82iE=-GzsAAATKbbHtW1ooyoEWHZvCwCEHDt9FEmwLgIKNsbNFoXzjm5SdO3Y92gff0Y 5NMTIg0DUIo0G

http://www.giftvaultnow.com/_Fxnp8CvtwuLep7uSj7SakciOrKqyjXLcJn7WMWDcqpu7jqvIadAIAoVcbPWgd8NeHrM5 D_fei7 6iYtov_g07s Bu9LhK IWyklPQEREm7I_av Rr_k6ILk38slOWwHetMUuilkJfXfWfuPac NCb5pQhAqLftK4kwWFDK4DkCFODHK5En KeaE280Ieq3qXT46q5Q0buPK3VOPVQbx212urMsK3okw5OfZ1aWBVHhA9F_Vg1Q3BPF4e6lSTyUtnjx4WE9W QlE mtGngY0THv67RdyA==-GzsAAATKbbHtW1ooyoEWHZvCwCEHDt9FEmwLgIKNsbNFoXzjm5SdO3Y92gff0Y 5NMTIg0DUIo0G

Remove updatechecker.exe - Powered by Reason Core Security