updater.exe

WebAppTech Coding LLC

Part of the branded Injekt adware package, the updater mechanism is an auto-starting program that is desigend to update the web browser extensions and protect the executables ChromeHelper, FirefoxHelper and IeHelper so that these programs can inject advertisments and generate popups in the user's web browser. The application updater.exe by WebAppTech Coding has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Updater’. This file is typically installed with the program Updater by WebAppTech Coding, LLC which is a potentially unwanted software program.
Publisher:
Updater  (signed by WebAppTech Coding LLC)

Product:
Updater

Description:
Updater service

Version:
1, 0, 0, 1

MD5:
057f63be9876d7f96b791245b552b466

SHA-1:
23d48c4c79f7ebaae2293789eb951eb7c14a66d3

SHA-256:
0b29575dd746b8c6b80bfd450a97e24c518033e86c9a5fb6901628dafaaaaef3

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:
12/25/2024 1:17:37 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Injekt (M)
17.1.2.19

File size:
471.1 KB (482,448 bytes)

Product version:
1, 0, 0, 1

Original file name:
updater.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\updater\updater.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
1/15/2013 7:00:00 PM

Valid to:
1/16/2014 6:59:59 PM

Subject:
CN=WebAppTech Coding LLC, O=WebAppTech Coding LLC, STREET="2885 Sanford Ave SW #18716", L=Grandville, S=MI, PostalCode=49418, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00ED976277604B937F55FA8DF427C5B534

File PE Metadata
Compilation timestamp:
11/20/2013 9:07:04 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0x37F62

Entry point:
E8, F9, CB, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 0F, 03, C1, 1B, C9, 0B, C1, 59, E9, 3A, FE, FF, FF, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 07, 03, C1, 1B, C9, 0B, C1, 59, E9, 24, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, 3C, F5, 40, 6C, 46, 00, 00, 75, 13, 56, E8, 71, 00, 00, 00, 59, 85, C0, 75, 08, 6A, 11, E8, 92, 5A, 00, 00, 59, FF, 34, F5, 40, 6C, 46, 00, FF, 15, 8C, 40, 45, 00, 5E, 5D, C3, 56, 57, BE, 40, 6C, 46, 00, 8B, FE, 53, 8B, 1F, 85, DB, 74, 17, 83, 7F...
 
[+]

Entropy:
6.4609

Code size:
329 KB (336,896 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Updater

Command:
C:\ProgramData\updater\updater.exe


The file updater.exe has been discovered within the following program.

Updater  by WebAppTech Coding, LLC
Publisher's description - “We may collect certain information about your web usage and websites you have visited, which may be shared with third parties and used for advertising.”
85% remove it
 
Powered by Should I Remove It?

Remove updater.exe - Powered by Reason Core Security