home

updater.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from updater.shadowl2.es.
MD5:
422683fd542f03912c587ad3b08f8a47

SHA-1:
28f374b3955c20733ca53b82488f3ac94ec67f11

SHA-256:
6bc888c87a9051bdf765a96b25721a4a1522f20d68c156adb880fae2c1efc8c1

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
1/16/2025 5:41:59 AM UTC  (today)

File size:
3.7 MB (3,879,319 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\updater.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:boBmhx53gRnbh5ISCIuTPCuVLgYjsc4C7H9taHO5JXkGm+PDwi/l0Pw4+ZmzDWXg:boqsu7iS1m+P//l0a0WXw7LluFfup

Entry address:
0x452046

Entry point:
B8, 00, 20, 85, 00, 68, 14, 61, 49, 00, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 66, 9C, 60, 50, 8B, D8, 03, 00, 68, 3C, AC, 2D, 00, 6A, 00, FF, 50, 1C, 89, 43, 08, 68, 00, 00, 40, 00, 8B, 3C, 24, 8B, 33, 66, 81, C7, 80, 07, 8D, 74, 1E, 08, 89, 3B, 53, 8B, 5E, 10, B8, 80, 08, 00, 00, 56, 6A, 02, 50, 57, 6A, 34, 6A, 0A, 56, 6A, 04, 50, 57, FF, D3, 83, EE, 08, 59, F3, A5, 59, 66, 83, C7, 58, 81, C6, DA, 01, 00, 00, F3, A5, FF, D3, 58, 8D, 90, A0, 01, 00, 00, 8B, 0A, 83, C2, 14, 8B, 5A, F0, 85...
 
[+]

Packer / compiler:
PEtite v2.2

Code size:
601.6 KB (616,016 bytes)

The file updater.exe has been seen being distributed by the following URL.

http://updater.shadowl2.es/.../Updater.exe

Scan updater.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.