updater.exe

コミPo!

Web Technology Corp.

The application updater.exe, “コミPo! アップデートインストーラ” (ComiPo! Update Installer) by Web Technology, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat.

Publisher:
Web Technology Corp.  (signed and verified)

Product:
コミPo!

Description:
コミPo! アップデートインストーラ

Version:
1.05.00

MD5:
38c1efa9ca9bc867cb1a83c5e0dc0702

SHA-1:
28b7e116d7befa4a49c75a53eb63bed332fb58a5

SHA-256:
df8e20eea9ab84e9141f7bedede0b368c908fdfa3e25195985424805e32855ed

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
1/15/2025 4:09:12 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.SearchP.Malware360.H

Engine version:
14.10.10.8

File size:
376.9 KB (385,928 bytes)

Product version:
1.05.00

Copyright:
Copyright(C) 2010-2011 Web Technology Corp.

Original file name:
comipoud.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\web technology\comipo!\updater20110209_man\updater.exe

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
4/14/2010 9:00:00 AM

Valid to:
4/19/2011 8:59:59 AM

Subject:
CN=Web Technology Corp., O=Web Technology Corp., L=Toshima-ku, S=Tokyo, C=JP

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
5AADB27F40A088A34A18738E50971C1F

File PE Metadata
Compilation timestamp:
2/8/2011 1:23:41 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:6FICEvstEJKeXsA64BpO3x/xmxrLMurfLgEXU6iiOhjUQdeWihyBqa/1v:1CQuEJKeX64BpO3x/xArouIDiOhjrGQV

Entry address:
0x1A914

Entry point:
E8, 73, 53, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, A7, 0D, 00, 00, 3B, 0D, B0, B2, 43, 00, 75, 02, F3, C3, E9, EA, 53, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 57, 33, FF, 3B, F7, 75, 04, 33, C0, EB, 65, 39, 7D, 08, 75, 1B, E8, D5, 29, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, B9, 06, 00, 00, 83, C4, 14, 8B, C6, EB, 45, 39, 7D, 10, 74, 16, 39, 75, 0C, 72, 11, 56, FF, 75, 10, FF, 75, 08, E8, 5E, 33, 00, 00, 83, C4, 0C, EB, C1, FF, 75, 0C, 57, FF, 75, 08, E8, 9D, 54, 00, 00, 83...

Entropy:
7.1394

Code size:
188.5 KB (193,024 bytes)
