updater.exe

The executable updater.exe has been detected as malware by 1 anti-virus scanner. It runs as a Windows Task Scheduler task named runTask, triggered by a time event. The file has been observed being downloaded from safe-secure2.com.

MD5:
c08520cb3766142a6e8d7aa6f920a8f0

SHA-1:
a8998b7ab797788b119a95b465b4aaecc903c858

SHA-256:
19794bb4f13fc09cce953ca80da7745820e3bd73162ffd08da67312f0b7d5b99

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/5/2024 10:09:49 PM UTC

Scan engine:
Reason Heuristics

Detection:
(M)

Engine version:
16.6.23.15

File size:
334 Bytes

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\temp\updater.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
6:qzmSOvDn7jAs9QiEyrCxUbErfAEVIIM4mGvmQaRtEUYMWXz:kDuD7jD9QjyrCFodIM4mPQaRG/MWj

Entry point:
3C, 68, 74, 6D, 6C, 3E, 3C, 62, 6F, 64, 79, 3E, 3C, 62, 3E, 54, 68, 65, 20, 70, 61, 67, 65, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 64, 69, 73, 70, 6C, 61, 79, 65, 64, 20, 62, 65, 63, 61, 75, 73, 65, 20, 61, 6E, 20, 69, 6E, 74, 65, 72, 6E, 61, 6C, 20, 73, 65, 72, 76, 65, 72, 20, 65, 72, 72, 6F, 72, 20, 68, 61, 73, 20, 6F, 63, 63, 75, 72, 72, 65, 64, 2E, 3C, 2F, 62, 3E, 3C, 73, 63, 72, 69, 70, 74, 3E, 76, 61, 72, 20, 67, 6C, 6F, 62, 61, 6C, 20, 3D, 20, 5B, 22, 6C, 30, 51, 6C, 56, 73, 6C, 78, 46, 77, 58...

Entropy:
5.1735

Scheduled Task
Task name:
runTask

Trigger:
Time


The file updater.exe has been seen being distributed by the following URL.
