» Updater.exe
Overview
Analysis
File Details
Programs (2)
Downloads (4)

Updater.exe

NortonLive Updater

Symantec Corporation

This is installed with multiple programs including Norton PC Checkup and Toshiba Laptop Checkup. The file has been seen being downloaded from www-secure.symantec.com and multiple other hosts.

File name:

Updater.exe

Publisher:

Symantec Corporation (signed and verified)

Product:

NortonLive Updater

Version:

1.0.0.155

MD5:

3ac869a26a53dc723b532fd7fa6330b6

SHA-1:

490d977921835fa6a74675487135abe6716b4f4e

SHA-256:

1eae20e690086e254e4d079d56d231e9c6156a05c5c1d7828e6099de7f7eac20

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

12/26/2024 3:12:48 PM UTC (today)

File size:

322.4 KB (330,168 bytes)

Product version:

1.0

Original file name:

Updater.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\norton pc checkup\engine\2.0.5.60\updater.exe

Digital Signature

Signed by:

Symantec Corporation

Authority:

VeriSign, Inc.

Valid from:

9/7/2010 8:00:00 PM

Valid to:

11/23/2013 6:59:59 PM

Subject:

CN=Symantec Corporation, OU=Symantec Research Labs, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Symantec Corporation, L=Santa Monica, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

66660552D465B31F429F7527EA6A93BF

File PE Metadata

Compilation timestamp:

12/22/2011 8:53:47 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

6144:Yz+bhtH+FkkkaxLdCS4GjP55OGxNKc87g87NtWk:Yz+dwFkTaxxCBGjR5Oql87g87nWk

Entry address:

0x19714

Entry point:

E8, DE, 91, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 53, 33, DB, 39, 5D, 14, 75, 20, E8, 91, 1F, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, CE, F2, FF, FF, 83, C4, 14, 83, C8, FF, E9, C5, 00, 00, 00, 56, 8B, 75, 0C, 57, 8B, 7D, 10, 3B, FB, 74, 24, 3B, F3, 75, 20, E8, 61, 1F, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, 9E, F2, FF, FF, 83, C4, 14, 83, C8, FF, E9, 93, 00, 00, 00, C7, 45, EC, 42, 00, 00, 00, 89, 75, E8, 89, 75, E0, 81, FF, FF, FF, FF, 3F, 76, 09, C7... 
[+]

Entropy:

6.3229

Code size:

210.5 KB (215,552 bytes)

The file Updater.exe has been discovered within the following programs.

Norton PC Checkup by Symantec Corporation

Norton PC Checkup is a program downloaded either separately or as a bundle with updates to Adobe Flash, provided to enable users to perform a system checkup of their Microsoft Windows based personal computers.

http:/www.norton.com/NortonLive

52% remove it

Toshiba Laptop Checkup by Symantec Corporation

Publisher's description - “Laptop Checkup will check for issues that may be slowing down your laptop. Data, photos and music files that need backup. Viruses, spyware, malware and other threats. Not all utilities are available for every model and operating system.”

www.symantec.com/techsupp

21% remove it

The file Updater.exe has been seen being distributed by the following 4 URLs.

https://www-secure.symantec.com/premium_services/helpware/2.0/.../Updater.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.