updater.exe

The application updater.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. Additionally, the file is typically installed by a number of programs including wxDfast by Best Application and Coolyou by CoolYou Inc., both potentially unwanted software. The file has been seen being downloaded from www.nlstorage.info.
MD5:
2096b76b1a5d4e5ce2bcb19c0fada911

SHA-1:
1e246b8649eb422fe678a107667dc1c6932ec2a9

SHA-256:
31486eb4bf87f2f2dc29d56fc4fc68b7c2790342abb85796b9f7bb113eacb43f

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
11/14/2024 3:21:23 PM UTC

Scan engine         Detection          Engine version
ESET NOD32          Win32/GenUpdater   7.9267
Malwarebytes        Trojan.Dropper     v2013.12.29.02
MicroWorld eScan    Win32/GenUpdater   14.0.0.1089
Reason Heuristics   PUP.GenUpdater     16.1.3.23

File size:
206 KB (210,944 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\updater.exe

File PE Metadata
Compilation timestamp:
7/19/2012 5:59:30 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:R+D0z0vbKT13dgxC+5GsNDead3lFyoKEzfuCRtqJK5HHM20vdLTOwZD0:6dveTpdgst+KCyoKEzjRM4MP

Entry address:
0x4BDB

Entry point:
E8, 75, 4C, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 00, 01, 00, 00, 72, 0E, 83, 3D, 88, 86, 01, 10, 00, 74, 05, E9, 26, 4D, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83...
 

Entropy:
6.4073

Code size:
59.5 KB (60,928 bytes)

Scheduled Task
Task name:
WxDFastUpdaterTask{17758843-AA16-4C28-A760-98844B801AAA}

Trigger:
Logon (Runs on logon)


The file updater.exe has been discovered within the following programs.

Coolyou  by CoolYou Inc.
From the app's privacy policy: "We may collect certain information about your web usage and websites you have visited, which may be shared with third parties and used for advertising."
coolyouapp.com
66% remove it
OptimizerPro Updater  by BetterSoft
OptimizerPro is the update program which runs on the PC and checks for updates and automatically downloads and installs them if found. The program is primarily designed to keep the software up to date or provide product upgrades.
77% remove it
TheBflix  by TheBflix
TheBflix is a potentially unwanted web browser extension and toolbar that delivers contextual advertising and modifies the user's web browser home and search pages to provide advertising and search.
thebflix.com
82% remove it
TheBflix Updater  by TheBflix
TheBflix Updater is the update program which runs on the PC and checks for updates and automatically downloads and installs them if found based on the user's settings.
83% remove it
wxDfast  by Best Application
Publisher's description - “wxDownload Pro is an open source download manager. It is also multi-threaded transfers download manager which means it can split a file into several parts and download them simultaneously.”
wxdownloadmanager.com
79% remove it
WxDFast Updater  by Best Application
wxDownload Fast (also known as wxDFast) is a free/open source download manager. WxDFast Updater is a program designed to manage all installed WxDFast programs on the user's PC and to check for and install any new versions of the software if available.
79% remove it
 

The file updater.exe has been seen being distributed by the following URL.
