» updater.exe
Overview
Analysis
File Details
Behaviors (1)

updater.exe

Western Web Applications, LLC

Part of the branded Injekt adware package, the updater mechanism is an auto-starting program that is desigend to update the web browser extensions and protect the executables ChromeHelper, FirefoxHelper and IeHelper so that these programs can inject advertisments and generate popups in the user's web browser. The application updater.exe by Western Web Applications has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Updater’.

File name:

updater.exe

Publisher:

Updater (signed by Western Web Applications, LLC)

Product:

Updater

Description:

Updater service

Version:

1, 0, 0, 1

MD5:

47088addf2005bf7c84ba5179500dc29

SHA-1:

e207bba5799154d86521f193306a863bdd2cb9c1

SHA-256:

076ef80920f880182b87f0dedb488634fa04083802528979217d9db8a49dfb65

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:

11/27/2024 2:44:00 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Injekt (M)

17.2.20.0

File size:

291.1 KB (298,136 bytes)

Product version:

1, 0, 0, 1

Original file name:

updater.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\ProgramData\updater\updater.exe

Digital Signature

Signed by:

Western Web Applications, LLC

Authority:

COMODO CA Limited

Valid from:

5/23/2013 8:00:00 PM

Valid to:

5/24/2014 7:59:59 PM

Subject:

CN="Western Web Applications, LLC", O="Western Web Applications, LLC", STREET=640 E Grand Ave, STREET=Suite 129, L=Carlsbad, S=CA, PostalCode=92008, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

2A1B337726D509D16C17362E2E625DE9

File PE Metadata

Compilation timestamp:

9/24/2013 7:31:38 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

Entry address:

0x1C477

Entry point:

E8, 46, 96, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 85, C0, 74, 12, 83, E8, 08, 81, 38, DD, DD, 00, 00, 75, 07, 50, E8, 3C, D4, FF, FF, 59, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, 30, AB, 43, 00, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18, 89, 5D, F8, 39, 5D, 24, 75, 0B, 8B, 45, 08, 8B, 00, 8B, 40, 04, 89, 45, 24, 8B, 35, 4C, 01, 43, 00... 
[+]

Entropy:

6.4331

Code size:

187.5 KB (192,000 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Updater

Command:

C:\ProgramData\updater\updater.exe

Remove updater.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.