updater.exe

WebAppTech Coding LLC

Part of the branded Injekt adware package, the updater mechanism is an auto-starting program that is desigend to update the web browser extensions and protect the executables ChromeHelper, FirefoxHelper and IeHelper so that these programs can inject advertisments and generate popups in the user's web browser. The application updater.exe by WebAppTech Coding has been detected as adware by 17 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Updater’. This file is typically installed with the program Updater by WebAppTech Coding, LLC which is a potentially unwanted software program.
Publisher:
Updater  (signed by WebAppTech Coding LLC)

Product:
Updater

Description:
Updater service

Version:
1, 0, 0, 1

MD5:
afe1c9d617313ac7055774dc190d7f02

SHA-1:
f8fcf14636fa46d300595e423ce3a389d735da1a

SHA-256:
9cb606d1bf59ea0caae92c5fddd5201b7a72c99f665758c9b550429991e938b5

Scanner detections:
17 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:
11/27/2024 5:21:14 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.SearchDonkey.A
1129

avast!
Win32:TubeDim-A [PUP]
2014.9-140116

AVG
Win32/DH
2015.0.3592

Bitdefender
Adware.SearchDonkey.A
1.0.20.5

Boost by Reason
Optional.Startup.WebAppTechCoding.H
188838

Emsisoft Anti-Malware
Adware.SearchDonkey
8.14.01.01.11

F-Secure
Adware.SearchDonkey.A
11.2014-01-01_4

G Data
Adware.SearchDonkey
14.1.22

IKARUS anti.virus
AdWare.SearchDonkey
t3scan.2.2.29

McAfee
Artemis!953DD0B06F8D
5600.7248

MicroWorld eScan
Adware.SearchDonkey.A
15.0.0.3

Norman
Malware
11.20140101

nProtect
Adware.SearchDonkey.A
14.01.16.02

Reason Heuristics
PUP.Startup.WebAppTechCoding.H
14.8.7.17

Sophos
Search Donkey
4.96

Trend Micro House Call
TROJ_GEN.F47V1029
7.2.1

VIPRE Antivirus
Trojan.Win32.Generic!SB.0
24678

File size:
471.1 KB (482,448 bytes)

Product version:
1, 0, 0, 1

Original file name:
updater.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\updater\updater.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
1/15/2013 7:00:00 PM

Valid to:
1/16/2014 6:59:59 PM

Subject:
CN=WebAppTech Coding LLC, O=WebAppTech Coding LLC, STREET="2885 Sanford Ave SW #18716", L=Grandville, S=MI, PostalCode=49418, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00ED976277604B937F55FA8DF427C5B534

File PE Metadata
Compilation timestamp:
11/20/2013 9:01:04 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:0XgNPPCYw6bOzvDqBVUANUqPXHWip3381MVn1:0wNPPlbOCfUABB4m1

Entry address:
0x37F62

Entry point:
E8, F9, CB, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 0F, 03, C1, 1B, C9, 0B, C1, 59, E9, 3A, FE, FF, FF, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 07, 03, C1, 1B, C9, 0B, C1, 59, E9, 24, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, 3C, F5, 40, 6C, 46, 00, 00, 75, 13, 56, E8, 71, 00, 00, 00, 59, 85, C0, 75, 08, 6A, 11, E8, 92, 5A, 00, 00, 59, FF, 34, F5, 40, 6C, 46, 00, FF, 15, 8C, 40, 45, 00, 5E, 5D, C3, 56, 57, BE, 40, 6C, 46, 00, 8B, FE, 53, 8B, 1F, 85, DB, 74, 17, 83, 7F...
 
[+]

Entropy:
6.4606

Code size:
329 KB (336,896 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Updater

Command:
C:\ProgramData\updater\updater.exe


The file updater.exe has been discovered within the following program.

Updater  by WebAppTech Coding, LLC
Publisher's description - “We may collect certain information about your web usage and websites you have visited, which may be shared with third parties and used for advertising.”
85% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-186-84-255.us-west-2.compute.amazonaws.com  (54.186.84.255:80)

TCP (HTTP):
Connects to ec2-54-213-104-242.us-west-2.compute.amazonaws.com  (54.213.104.242:80)

Remove updater.exe - Powered by Reason Core Security