Updater.exe

Update Helper

Goobzo Ltd

The application Updater.exe by Goobzo has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a Windows Task Scheduler task named YTAUpdate, triggered daily at a specified time.
Publisher:
Goobzo  (signed by Goobzo Ltd)

Product:
Update Helper

Version:
1.0.1.5

MD5:
9d7dba948698b562a63c057a21d5e841

SHA-1:
5b31fe56318c41b983458999fa2d6d8a86a13abc

SHA-256:
dd7a4c2dbb987129f5ba98e4d2261ceb700eac9fc55a0f5e4b59b49ced655480

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/23/2024 8:02:48 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Goobzo (M)

Engine version:
17.3.8.5

File size:
3.3 MB (3,467,720 bytes)

Product version:
1.0.1.5

Copyright:
Copyright (C) 2013

Original file name:
Updater.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\youtube accelerator\updater.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
2/4/2015 4:00:00 AM

Valid to:
5/6/2016 3:59:59 AM

Subject:
CN=Goobzo Ltd, O=Goobzo Ltd, L=Haifa, S=HAIFA, C=IL

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
3C3E526E4FC7FCA9432F2BC6F34C86A5

File PE Metadata
Compilation timestamp:
5/11/2015 3:30:00 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x4752BB

Entry point:
60, C7, 44, 24, 1C, 7F, C1, A1, C0, E8, 91, A9, 2B, 00, 51, 38, AC, 6B, D6, 46, 12, 5C, DC, 95, B9, 0B, CE, F0, 5A, 2A, AE, 54, BD, 00, EE, 43, 46, 32, 21, DF, 4E, 27, 93, CD, BC, B9, EE, C4, 7A, 50, C0, E9, 87, 52, 22, 2F, 7A, 48, DE, 9C, 86, 8D, 2C, 64, 0C, BD, 52, 20, B6, 40, 29, 55, 93, DD, 60, 30, 52, CC, B6, 1D, EA, 16, 50, 20, 0F, 60, 76, C1, DC, 40, 2C, 7F, C2, 60, BA, 38, AB, A5, B8, 1A, 78, 13, 39, 76, A7, 0B, F7, 87, D3, 6E, 7D, AA, E9, B3, 09, 57, 89, 39, 36, 2F, 39, DF, D4, 94, B9, 7A, 5D, 2F...

Code size:
555.5 KB (568,832 bytes)

Scheduled Task
Task name:
YTAUpdate

Trigger:
Daily (Runs daily at 8:00)
