updatestar-drivers.exe

UpdateStar GmbH

The application updatestar-drivers.exe by UpdateStar GmbH has been detected as a potentially unwanted program by 12 anti-malware scanners. This is a setup program which is used to install the application. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.updatestar.com.
Publisher:
UpdateStar GmbH  (signed and verified)

MD5:
e6f115761e2764a287cc8b6706c33a91

SHA-1:
f4d28490eef1c6d4c3e12cc656641b3abf99597e

SHA-256:
70c28c603f03739979a76cb4b6de79e42131dbceeda42aeb7080107130f780c8

Scanner detections:
12 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/20/2024 8:24:06 AM UTC

Scan engine                 Detection                               Engine version
Avira AntiVirus                                                     7.11.124.170
Bkav FE                     W32.Clodbe6.Trojan                      1.3.0.4613
Comodo Security             Application.Win32.InstallCore.AX        17551
Dr.Web                      Adware.InstallCore.113                  9.0.1.044
ESET NOD32                  Win32/InstallCore.ES (variant)          8.9249
Malwarebytes                                                        v2014.02.13.11
McAfee                      Artemis!31181921FD4E                    5600.7221
Reason Heuristics           PUP.UpdateStarGmbH.S                    14.2.13.11
Rising Antivirus            PE:Malware.XPACK-LNR/Heur!1.5594        23.00.65.14211
Sophos                      Install Core Installer                  4.96
Trend Micro House Call      TROJ_GEN.F47V1230                       7.2.44
VIPRE Antivirus             Trojan.Win32.Generic                    25076

File size:
669.6 KB (685,704 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\updatestar-drivers.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
1/2/2013 12:00:00 AM

Valid to:
1/2/2016 11:59:59 PM

Subject:
CN=UpdateStar GmbH, O=UpdateStar GmbH, STREET=Hauptstraße 20, L=Berlin, S=Berlin, PostalCode=10827, C=DE

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009ED227324380B40DDE36C8D31A33831F

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:ASyMJfsGwj1+Eeq4augHYGKN+tGEsf/riZE+zaW4GAAlo:ASyMJfs5j1+XZauYY5N1/fTiratGha

Entry address:
0x98CC

Entry point:
55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, FA, 97, FF, FF, E8, 01, AA, FF, FF, E8, 2C, CC, FF, FF, E8, 73, CC, FF, FF, E8, 0A, F3, FF, FF, E8, 71, F4, FF, FF, 33, C0, 55, 68, 76, 9F, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 2C, 9F, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 26, FA, FF, FF, 8D, 55, F0, 33, C0, E8, E0, D0, FF, FF, 8B, 55, F0, B8, D8, BD, 40, 00, E8, AB, 98, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D8, BD, 40, 00, B2, 01, B8...

Code size:
36 KB (36,864 bytes)

The file updatestar-drivers.exe has been seen being distributed by the following URL.

Remove updatestar-drivers.exe - Powered by Reason Core Security