» Updater.exe
Overview
Analysis
File Details
Programs (1)

Updater.exe

Updater Module

FriendsChecker LLC

The application Updater.exe by FriendsChecker has been detected as adware by 6 anti-malware scanners. This file is typically installed with the program FriendsChecker by GenTechnologies Apps LLC which is a potentially unwanted software program.

File name:

Updater.exe

Publisher:

FriendsChecker LLC (signed and verified)

Product:

Updater Module

Version:

1, 0, 0, 1

MD5:

904d5c65f67d7c0c019f00f226ac1ff9

SHA-1:

a343300e7b3fd8e88310954721593b89876f45df

SHA-256:

a63d47f38d8adf6c699e2b365fe14afb41b4a026c9f5698434e5edb535a385ca

Scanner detections:

6 / 68

Status:

Adware

Analysis date:

11/5/2024 6:58:55 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/Agent.128512.14

7.11.102.20

Comodo Security

Heur.Suspicious

16923

Norman

Malware

11.20141212

Reason Heuristics

PUP.FriendsChecker.H

14.12.12.21

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.24.0

VIPRE Antivirus

FriendsChecker

21400

File size:

131.1 KB (134,208 bytes)

Product version:

1, 0, 0, 1

Original file name:

Updater.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\friendschecker\updater\updater.exe

Digital Signature

Signed by:

FriendsChecker LLC

Authority:

GoDaddy.com, Inc.

Valid from:

3/19/2011 12:29:57 PM

Valid to:

3/18/2012 10:50:39 AM

Subject:

CN=FriendsChecker LLC, O=FriendsChecker LLC, L=Wilmington, S=DE, C=US

Issuer:

SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

07C90A416C66BC

File PE Metadata

Compilation timestamp:

2/21/2011 10:49:18 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

3072:Eq2o9VYkHp5wi1IzLWwWq7m0tF5HRRCzq9IO0:Eq2ojYkHp5XCLcq7ma/zJ0

Entry address:

0xAEDD

Entry point:

E8, AC, 4E, 00, 00, E9, 79, FE, FF, FF, CC, 68, 90, A9, 40, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 68, B2, 41, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 0F, 03, C1, 1B... 
[+]

Entropy:

6.3643

Code size:

88 KB (90,112 bytes)

The file Updater.exe has been discovered within the following program.

FriendsChecker by GenTechnologies Apps LLC

FriendsChecker installs as a web browser plugin for Internet Explorer and FireFox. It is designed to check to see what facebook friends have defreinded you. It does this by polling facebook with your profile details to see changes in your friends list.

www.friendschecker.com

69% remove it

Remove Updater.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.