updatetask.exe

This file is part of various InstallCore adware bundles. It is designed to run daily and maintain the current state of the installed product offers (mostly unwanted adware) by connecting to a remote server for configuration instructions. The application updatetask.exe has been detected as adware by 9 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time.
MD5:
cab0516de3611497538a3fa3945e429c

SHA-1:
3bb5ea753d6b2b1ddf5447ad9c70ac4c2f380efe

SHA-256:
83b7249c1d66d68f515d8f7fd5e07274ba75be7830743358d7192f5b0de3122d

Scanner detections:
9 / 68

Status:
Adware

Explanation:
The update task for the InstallCore download manager.

Analysis date:
12/25/2024 1:31:01 PM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | Adware.Win32.DealPly | 4.0.3.1445
Dr.Web | Adware.Shopper.391 | 9.0.1.095
ESET NOD32 | Win32/DealPly (variant) | 8.9625
Fortinet FortiGate | Riskware/DealPly | 4/5/2014
K7 AntiVirus | Trojan | 13.176.11623
McAfee | Artemis!CAB0516DE361 | 5600.7170
Reason Heuristics | PUP.UpdateProc.K | 14.4.5.8
Trend Micro House Call | ADW_DEALPLY | 7.2.95
Trend Micro | ADW_DEALPLY | 10.465.05

File size:
108 KB (110,592 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\digitalsites\updateproc\updatetask.exe

File PE Metadata
Compilation timestamp:
6/20/1992 3:52:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3072:NzP+TbOPEvke/202TtLBnbas2GNVa60DLGGRA++++++++++++++++++++++++++R:NaTiPxeRsFZNPqH03

Entry address:
0x15BC8

Entry point:
55, 8B, EC, 83, C4, F0, B8, 70, 5B, 41, 00, E8, FC, EF, FE, FF, 33, C0, 55, 68, E7, 5C, 41, 00, 64, FF, 30, 64, 89, 20, E8, F9, CA, FE, FF, 85, C0, 0F, 8E, C0, 00, 00, 00, B8, 6C, 7C, 41, 00, BA, FC, 5C, 41, 00, E8, 2A, DF, FE, FF, 83, 3D, 6C, 7C, 41, 00, 00, 75, 0F, B8, 6C, 7C, 41, 00, BA, 0C, 5D, 41, 00, E8, 1E, E1, FE, FF, B8, 6C, 7C, 41, 00, 8B, 0D, 6C, 7C, 41, 00, BA, 1C, 5D, 41, 00, E8, 4D, E1, FE, FF, 83, 3D, 6C, 7C, 41, 00, 00, 75, 0F, B8, 6C, 7C, 41, 00, BA, 2C, 5D, 41, 00, E8, F1, E0, FE, FF, B8...

Entropy:
6.4097

Developed / compiled with:
Microsoft Visual C++

Code size:
83.5 KB (85,504 bytes)

Scheduled Task
Task name:
Digital Sites

Trigger:
Daily (Runs daily at 6:36 PM)

Action:
updatetask.exe \check


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 193-124-232-198.static.unitasglobal.net  (198.232.124.193:80)

TCP (HTTP):
Connects to ec2-54-243-134-193.compute-1.amazonaws.com  (54.243.134.193:80)

TCP (HTTP):
Connects to ec2-23-23-137-245.compute-1.amazonaws.com  (23.23.137.245:80)

TCP (HTTP):
Connects to ec2-23-21-92-35.compute-1.amazonaws.com  (23.21.92.35:80)

TCP (HTTP):
Connects to ec2-107-21-230-190.compute-1.amazonaws.com  (107.21.230.190:80)

TCP (HTTP):
Connects to bits-lb.ulsfo.wikimedia.org  (198.35.26.106:80)

TCP (HTTP):
Connects to bits-lb.esams.wikimedia.org  (91.198.174.202:80)

Remove updatetask.exe - Powered by Reason Core Security