updatetask.exe

This file is part of various InstallCore adware bundles. It is designed to run daily and maintain the current state of the installed product(s) offered (mostly unwanted adware) by connecting to a remote server for configuration instructions. The application updatetask.exe has been detected as adware by 11 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time. This file is typically installed with the program PriceFountain (remove only) by DealPly Technologies Ltd., which is a potentially unwanted software program.
MD5:
03d91e6ebde8f5570e571f39245c2cab

SHA-1:
035411e0dfe7fca88ded1c14c2ca77a1c9f7544a

SHA-256:
505f48ac7c1ef0279ffd837b5b21918b61cf5f9893bc4fc8213f17641fbb54dd

Scanner detections:
11 / 68

Status:
Adware

Explanation:
The update task for the InstallCore download manager.

Analysis date:
11/27/2024 1:52:07 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.1872430 | 860 |
| Baidu Antivirus | Adware.Win32.DealPly | 4.0.3.14927 |
| Bitdefender | Trojan.GenericKD.1872430 | 1.0.20.1350 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1872430 | 8.14.09.27.03 |
| ESET NOD32 | Win32/DealPly (variant) | 8.10449 |
| F-Secure | Trojan.GenericKD.1872430 | 11.2014-27-09_7 |
| G Data | Trojan.GenericKD.1872430 | 14.9.24 |
| MicroWorld eScan | Trojan.GenericKD.1872430 | 15.0.0.810 |
| nProtect | Trojan.GenericKD.1872430 | 14.09.22.01 |
| Qihoo 360 Security | HEUR/Malware.QVM05.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.UpdateProc.Task.K | 14.9.27.15 |

File size:
199.5 KB (204,288 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\pricefountain\updateproc\updatetask.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:Hc3etPL91pjQ+Rgi4i9tCt4nL1qAS1XkwmLZL3ET:7dLlE+RR4MCt4nL1qAS1Xkwmta

Entry address:
0x27ABC

Entry point:
55, 8B, EC, 83, C4, F0, B8, 34, 7A, 42, 00, E8, 20, EC, FD, FF, 6A, 00, 68, 50, 76, 42, 00, 68, A4, 77, 42, 00, 68, D8, 77, 42, 00, B9, 00, 7B, 42, 00, BA, 20, 7B, 42, 00, B8, 34, 7B, 42, 00, E8, 6B, 52, FF, FF, E8, 92, CA, FD, FF, 00, 00, FF, FF, FF, FF, 15, 00, 00, 00, 75, 63, 2B, 55, 2C, 73, 75, 61, 6A, 72, 60, 72, 2D, 30, 2C, 28, 6A, 77, 6C, 6B, 55, 00, 00, 00, FF, FF, FF, FF, 0B, 00, 00, 00, 50, 72, 63, 46, 6F, 75, 6E, 74, 61, 69, 6E, 00, FF, FF, FF, FF, 0E, 00, 00, 00, 50, 72, 69, 63, 65, 20, 46, 6F...

Developed / compiled with:
Microsoft Visual C++

Code size:
155 KB (158,720 bytes)

Scheduled Task
Task name:
Price Fountain

Trigger:
Daily (Runs daily at 22:00)

Action:
updatetask.exe \check


The file updatetask.exe has been discovered within the following programs.

PriceFountain (remove only)  by DealPly Technologies Ltd.
Price Fountain (SaveSense) is an adware extension that will deliver ads to the browser on web pages that are not affiliated with the ads or the extension.
www.pricefountain.com
76% remove it
Update for PriceFountain  by DealPly Technologies Ltd.
This is the update service for the potentially unwanted software (PUP) PriceFountain.
80% remove it

The executing file has been seen to make the following network communications in live environments.
