updatechecker.exe

QUICK IDEAS, S.L.

The application updatechecker.exe by QUICK IDEAS, S.L. has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. The file has been seen being downloaded from www.giftvaultnow.com and multiple other hosts.
Publisher:
QUICK IDEAS, S.L.  (signed and verified)

MD5:
17277c52e48ed4f0dd449c9441e05863

SHA-1:
0ddbc7e71aab6167e19e63146d6f01ce9ddac7fa

SHA-256:
2efdfbf585396a4f688611ce060cf8035abb34542ec40c3ee3e32a61add42d3d

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Analysis date:
11/23/2024 7:49:30 PM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.Vittalia.QUICKIDEAS.Installer (M) | 16.1.15.12
Trend Micro House Call | TROJ_GEN.R0C1H05K314 | 7.2.27

File size:
81.4 KB (83,360 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Common path:
C:\users\{user}\downloads\updatechecker.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
11/19/2013 5:50:57 PM

Valid to:
11/19/2014 5:50:57 PM

Subject:
CN="QUICK IDEAS, S.L.", O="QUICK IDEAS, S.L.", L=Madrid, S=Madrid, C=ES

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
27D76F50DDF2FF

File PE Metadata
Compilation timestamp:
1/5/2012 7:21:36 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
1536:ll1u4wYQzaWUqRNIk6MbklLsv1Q79wotCJJ4Romu/F1leeKb:llU4wBzaWRRu38YLsdQGlJJ45Slehb

Entry address:
0x4131

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 43, 43, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 44, 43, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 44, 43, 00, 56, A3, F4, 27, 43, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8B, 3B, 00, 00, A3, 50, 28, 43, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A9, B2, 40, 00, FF, 15, AC, 44, 43, 00, 83, EC, 14, C7, 44, 24, 04, AA, B2, 40, 00, C7...
 

Code size:
33.5 KB (34,304 bytes)

The file updatechecker.exe has been seen being distributed by the following 22 URLs.

