updatetask.exe

This is part of various InstallCore adware bundles and is designed to run daily and maintain the current state of the installed product(s) offeres (mostly unwanted adware) by connecting to a remote server for configuration instructions. The application updatetask.exe has been detected as adware by 2 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time. This is the uninstaller utility registered in the Windows Control Panel for the program Update for Codec Pack by Update for Codec Pack. Additionally, the file is typically installed by a number of programs including FLV Player by PROXUS Media Group and UpdaterEX by installCore.
MD5:
24a819a072d40b5821504fcbd0a67537

SHA-1:
89987a006aeaff6b34a5d99fa063247179134109

SHA-256:
f31abb5a0fdf676a5b7c799c1acec22cb188a66e896f632748aba2587d4c7cd3

Scanner detections:
2 / 68

Status:
Adware

Explanation:
The update task for the InstallCore download manager.

Analysis date:
12/27/2024 9:18:56 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.UpdateProc.K
14.3.6.8

Trend Micro House Call
TROJ_GEN.F47V0404
7.2.147

File size:
104 KB (106,496 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\digitalsites\updateproc\updatetask.exe

File PE Metadata
Compilation timestamp:
6/20/1992 2:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3072:CzPvrStHcNAi+vXbJMfxYUjPlbLGa+++++++++++++++++++++++++++++++++gX:Crr9NAJvFMfxzj9bDqa

Entry address:
0x15AE0

Entry point:
55, 8B, EC, 83, C4, F0, B8, 88, 5A, 41, 00, E8, E4, F0, FE, FF, 33, C0, 55, 68, FF, 5B, 41, 00, 64, FF, 30, 64, 89, 20, E8, E1, CB, FE, FF, 85, C0, 0F, 8E, C0, 00, 00, 00, B8, 54, 7C, 41, 00, BA, 14, 5C, 41, 00, E8, 12, E0, FE, FF, 83, 3D, 54, 7C, 41, 00, 00, 75, 0F, B8, 54, 7C, 41, 00, BA, 24, 5C, 41, 00, E8, 06, E2, FE, FF, B8, 54, 7C, 41, 00, 8B, 0D, 54, 7C, 41, 00, BA, 34, 5C, 41, 00, E8, 35, E2, FE, FF, 83, 3D, 54, 7C, 41, 00, 00, 75, 0F, B8, 54, 7C, 41, 00, BA, 44, 5C, 41, 00, E8, D9, E1, FE, FF, B8...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
83.5 KB (85,504 bytes)

3 Program Uninstaller
Program name:
Update for Codec Pack

Display publisher:
Update for Codec Pack

Uninstall string:
C:\users\{user}\appdata\roaming\digitalsites\updateproc\updatetask.exe \uninstall

Program name:
Update for Zip Extractor

Display publisher:
Update for Zip Extractor

Uninstall string:
C:\users\{user}\appdata\roaming\digita~1\updateproc\updatetask.exe \uninstall

Program name:
Update for Zip Opener

Display publisher:
Update for Zip Opener

Uninstall string:
C:\users\{user}\appdata\roaming\digita~1\updateproc\updatetask.exe \uninstall


Scheduled Task
Task name:
Digital Sites

Trigger:
Daily (Runs daily at 18:00)

Action:
updatetask.exe \check


The file updatetask.exe has been discovered within the following programs.

Extended Update  by Hoolapp
Extended Update is a potentially unwanted application that is triggered to run daily by bypassing Windows User Account Control (UAC).
79% remove it
FLV Player  by PROXUS Media Group
Publisher's description - “If you ever wanted to add video to your projects or websites, there is no easier way than using pre-built Flash video components. Our player is one of the most feature loaded components on the market and it was specifically designed to suit developer and designers needs.”
www.proxynetworks.com
About 1% of users remove it
Playtopus  by Playtopus
Playtopus is a web browser toolbar and extension that modifies the browsers search and home pages as well as delivers contextual based advertising. This toolbar currently supports Internet Explorer, Firefox and Chrome.
www.playtopus.com
About 57% of users remove it
Update for FLV Player  by installCore
83% remove it
Warning, this is not associated with Mipony. This installer/uninstaller is a bundler of potentially unwanted software using the ironSouce InstallCore download manager.
www.installcore.com
83% remove it
UpdaterEX  by installCore
This is a potentially unwanted background updater that is installed with a download manager and connects to info.updaterex.com for additional downloads and updated. The software is typically part of a software download bundle from the Install Core mechanism.
80% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-225-201-98.compute-1.amazonaws.com  (54.225.201.98:80)

TCP (HTTP):
Connects to ec2-23-23-137-245.compute-1.amazonaws.com  (23.23.137.245:80)

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (54.231.16.201:80)

TCP (HTTP):
Connects to ec2-54-243-134-193.compute-1.amazonaws.com  (54.243.134.193:80)

TCP (HTTP):
Connects to ec2-54-197-227-159.compute-1.amazonaws.com  (54.197.227.159:80)

TCP (HTTP):
Connects to bits-lb.ulsfo.wikimedia.org  (198.35.26.106:80)

TCP (HTTP):
Connects to bits-lb.esams.wikimedia.org  (91.198.174.202:80)

TCP (HTTP):
Connects to bits-lb.eqiad.wikimedia.org  (208.80.154.234:80)

Remove updatetask.exe - Powered by Reason Core Security