updater.exe

LiveChat

LiveChat, Inc.

The executable updater.exe, “updater 8.4.0 © LiveChat, Inc., Inc, 2015”, has been detected as malware by 3 anti-virus scanners. It runs as a separate Windows service (within the context of its own process) named “updater”.
Publisher:
LiveChat, Inc.  (signed and verified)

Product:
LiveChat

Description:
updater 8.4.0 © LiveChat, Inc., Inc, 2015

Version:
8.4.0

MD5:
b80ebce3b233ff03c576b557e93a1f1b

SHA-1:
8dbb55d53e0ad10480245eef9b70e82dcceb0bce

SHA-256:
e818d6c5bdf44f6ed0d30eeff5e2f9dfc15616bf1043c120e82e9f18f0e0b101

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
11/14/2024 9:38:01 PM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Win32/Floxif.H virus | 6.3.12010.0
F-Prot | W32/Floxif.B | 4.6.5.141
F-Secure | Win32.Floxif.A | 5.15.154

File size:
585.8 KB (599,887 bytes)

Product version:
8.4.0

Copyright:
Copyright (C) 2016 LiveChat, Inc.

Original file name:
updater.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\livechat\updater.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
1/18/2016 6:00:00 AM

Valid to:
4/19/2017 5:59:59 AM

Subject:
CN="LiveChat, Inc.", O="LiveChat, Inc.", L=Boston, S=Massachusetts, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
7B46ED20CDBFEEC3A28E0AFEF9CD30BD

File PE Metadata
Compilation timestamp:
3/23/2016 3:41:32 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
6144:vMNn0OtDchO6tIRTDM6JSBF+LEomGLbOGf14CeN1t9Zhrzsa4SxDMoDdWLUBV+UO:1iQyM6JSeLn6Gf14tZtdZdWABjvrEH7J

Entry address:
0x2CC8F

Entry point:
E9, 44, C2, FD, FF, E9, 80, FE, FF, FF, 55, 8B, EC, 6A, FF, 68, A7, 09, 44, 00, 64, A1, 00, 00, 00, 00, 50, 51, 53, 56, 57, A1, 0C, D0, 44, 00, 33, C5, 50, 8D, 45, F4, 64, A3, 00, 00, 00, 00, 89, 65, F0, FF, 75, 08, 83, 65, FC, 00, E8, 63, FD, FF, FF, 59, EB, 08, B8, D7, CC, 42, 00, C3, 33, C0, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5E, 5B, 8B, E5, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 53, 56, 6A, 17, E8, ED, 30, 01, 00, 85, C0, 74, 05, 8B, 4D, 08, CD, 29, 33, F6, 8D, 85, DC, FC, FF, FF, 68...
 

Entropy:
6.9942

Packer / compiler:
Xtreme-Protector v1.05

Code size:
255 KB (261,120 bytes)

Service
Display name:
updater

Description:
Updater Support Service

Type:
Win32OwnProcess

