» updatestar_ger_installer.exe
Overview
Analysis
File Details
Downloads (1)

updatestar_ger_installer.exe

UpdateStar GmbH

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application updatestar_ger_installer.exe by UpdateStar GmbH has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from client.updatestar.com.

File name:

Publisher:

UpdateStar GmbH (signed and verified)

MD5:

a9102ac5694fd047a5282524e084710a

SHA-1:

de664253b8891c0bba911927f0ccbdf8cf2d434a

SHA-256:

aa201ca69f93b661cc7e8002fa8c2f2784a1ca23af17f5895ad47d590b81099d

Scanner detections:

3 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

11/22/2024 5:28:23 AM UTC (today)

Scan engine

Detection

Engine version

Baidu Antivirus

Adware.Win32.InstallCore

4.0.3.1498

Dr.Web

Adware.Downware.4763

9.0.1.0251

Reason Heuristics

PUP.UpdateStarGmbH.Y

14.9.8.21

File size:

458.4 KB (469,424 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore

Common path:

C:\users\{user}\downloads\updatestar_ger_installer.exe

Digital Signature

Signed by:

UpdateStar GmbH

Authority:

COMODO CA Limited

Valid from:

1/2/2013 1:00:00 AM

Valid to:

1/3/2016 12:59:59 AM

Subject:

CN=UpdateStar GmbH, O=UpdateStar GmbH, STREET=Hauptstraße 20, L=Berlin, S=Berlin, PostalCode=10827, C=DE

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

009ED227324380B40DDE36C8D31A33831F

File PE Metadata

Compilation timestamp:

6/4/2014 10:36:52 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

12288:HUL8qMy90fBr5ysXlhVwE8xwUazIesS++0:HStWF5ysXlcE8xNPenU

Entry address:

0xF3BE0

Entry point:

60, BE, 00, 50, 48, 00, 8D, BE, 00, C0, F7, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89... 
[+]

Packer / compiler:

UPX 2.90LZMA

Code size:

444 KB (454,656 bytes)

The file updatestar_ger_installer.exe has been seen being distributed by the following URL.

http://client.updatestar.com/files/.../UpdateStar_GER_installer.exe

Remove updatestar_ger_installer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.