updatetask.exe

MY POP SHOP LTD

This file is part of various InstallCore adware bundles. It is designed to run daily and maintain the current state of the installed product(s) offered (mostly unwanted adware) by connecting to a remote server for configuration instructions. The application updatetask.exe by MY POP SHOP has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a scheduled task named PennyBee under the Windows Task Scheduler, triggered daily at a specified time. This file is typically installed with the program PennyBeeUpdate by DealPly Technologies Ltd, which is a potentially unwanted software program.
Publisher:
MY POP SHOP LTD  (signed and verified)

MD5:
48d3138e692c049c80eefff95dc34210

SHA-1:
769d19ab15f5c3d61987671b8eb6b3712011c84e

SHA-256:
c2fe92ec88699f191a52b686bfe09e49e216f8aedc25be2657604908581bfbcc

Scanner detections:
1 / 68

Status:
Adware

Explanation:
The update task for the InstallCore download manager.

Analysis date:
12/24/2024 1:10:47 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.UpdateProc.Resoft (M)

Engine version:
16.3.8.7

File size:
140 KB (143,368 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\pennybee\updateproc\updatetask.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/22/2014 7:00:00 AM

Valid to:
7/23/2015 6:59:59 AM

Subject:
CN=MY POP SHOP LTD, O=MY POP SHOP LTD, STREET=14 Shenkar Arie, L=HERZLIYA, S=NA, PostalCode=46725, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B739C4F756EE55FB750952CE570BE48B

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3072:8TbjSmbj18hESa9gvuOs8pheVzIB3WdLGiw:8eej1wPj2Ofpcjhw

Entry address:
0x18D2C

Entry point:
55, 8B, EC, 83, C4, F0, B8, D4, 8C, 41, 00, E8, 70, BF, FE, FF, 6A, 00, 68, F0, 88, 41, 00, 68, 44, 8A, 41, 00, 68, 78, 8A, 41, 00, B9, 70, 8D, 41, 00, BA, 8C, 8D, 41, 00, B8, 8C, 8D, 41, 00, E8, 5F, 53, FF, FF, E8, 5A, AD, FE, FF, 00, 00, FF, FF, FF, FF, 13, 00, 00, 00, 72, 63, 2C, 2B, 72, 72, 65, 64, 73, 67, 6E, 70, 29, 61, 6E, 68, 75, 2B, 42, 00, FF, FF, FF, FF, 08, 00, 00, 00, 50, 65, 6E, 6E, 79, 42, 65, 65, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.2188

Developed / compiled with:
Microsoft Visual C++

Code size:
95.5 KB (97,792 bytes)

Scheduled Task
Task name:
PennyBee

Trigger:
Daily (Runs daily at 15:22)


The file updatetask.exe has been discovered within the following program.

PennyBeeUpdate  by DealPly Technologies Ltd
PennyBee (DealPly) is a potentially unwanted adware program that injects ads into the user's browser. This includes inserting into web pages, or displaying over parts of existing web pages, advertisements, banners, coupons or text links that would not otherwise appear.
pennybee.com
80% remove it
 
Powered by Should I Remove It?
