updatetask.exe

This is part of various InstallCore adware bundles and is designed to run daily and maintain the current state of the installed product(s) offered (mostly unwanted adware) by connecting to a remote server for configuration instructions. The application updatetask.exe has been detected as adware by 2 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time. This is the uninstaller utility registered in the Windows Control Panel for the program Update for Codec Pack by Update for Codec Pack. Additionally, the file is typically installed by a number of programs, including FLV Player by PROXUS Media Group and UpdaterEX by installCore.
MD5:
24a819a072d40b5821504fcbd0a67537

SHA-1:
89987a006aeaff6b34a5d99fa063247179134109

SHA-256:
f31abb5a0fdf676a5b7c799c1acec22cb188a66e896f632748aba2587d4c7cd3

Scanner detections:
2 / 68

Status:
Adware

Explanation:
The update task for the InstallCore download manager.

Analysis date:
11/16/2024 3:04:22 AM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.UpdateProc.K | 14.3.6.8
Trend Micro House Call | TROJ_GEN.F47V0404 | 7.2.147

File size:
104 KB (106,496 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\digitalsites\updateproc\updatetask.exe

File PE Metadata
Compilation timestamp:
6/20/1992 2:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3072:CzPvrStHcNAi+vXbJMfxYUjPlbLGa+++++++++++++++++++++++++++++++++gX:Crr9NAJvFMfxzj9bDqa

Entry address:
0x15AE0

Entry point:
55, 8B, EC, 83, C4, F0, B8, 88, 5A, 41, 00, E8, E4, F0, FE, FF, 33, C0, 55, 68, FF, 5B, 41, 00, 64, FF, 30, 64, 89, 20, E8, E1, CB, FE, FF, 85, C0, 0F, 8E, C0, 00, 00, 00, B8, 54, 7C, 41, 00, BA, 14, 5C, 41, 00, E8, 12, E0, FE, FF, 83, 3D, 54, 7C, 41, 00, 00, 75, 0F, B8, 54, 7C, 41, 00, BA, 24, 5C, 41, 00, E8, 06, E2, FE, FF, B8, 54, 7C, 41, 00, 8B, 0D, 54, 7C, 41, 00, BA, 34, 5C, 41, 00, E8, 35, E2, FE, FF, 83, 3D, 54, 7C, 41, 00, 00, 75, 0F, B8, 54, 7C, 41, 00, BA, 44, 5C, 41, 00, E8, D9, E1, FE, FF, B8...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
83.5 KB (85,504 bytes)

3 Program Uninstaller
Program name:
Update for Codec Pack

Display publisher:
Update for Codec Pack

Uninstall string:
C:\users\{user}\appdata\roaming\digitalsites\updateproc\updatetask.exe \uninstall

Program name:
Update for Zip Extractor

Display publisher:
Update for Zip Extractor

Uninstall string:
C:\users\{user}\appdata\roaming\digita~1\updateproc\updatetask.exe \uninstall

Program name:
Update for Zip Opener

Display publisher:
Update for Zip Opener

Uninstall string:
C:\users\{user}\appdata\roaming\digita~1\updateproc\updatetask.exe \uninstall


Scheduled Task
Task name:
Digital Sites

Trigger:
Daily (Runs daily at 18:00)

Action:
updatetask.exe \check


The file updatetask.exe has been discovered within the following programs.

Extended Update  by Hoolapp
Extended Update is a potentially unwanted application that is triggered to run daily by bypassing Windows User Account Control (UAC).
79% remove it
FLV Player  by PROXUS Media Group
Publisher's description - “If you ever wanted to add video to your projects or websites, there is no easier way than using pre-built Flash video components. Our player is one of the most feature loaded components on the market and it was specifically designed to suit developer and designers needs.”
www.proxynetworks.com
About 1% of users remove it
Playtopus  by Playtopus
Playtopus is a web browser toolbar and extension that modifies the browser's search and home pages and delivers contextual advertising. This toolbar currently supports Internet Explorer, Firefox and Chrome.
www.playtopus.com
About 57% of users remove it
Update for FLV Player  by installCore
Warning, this is not associated with Mipony. This installer/uninstaller is a bundler of potentially unwanted software using the ironSource InstallCore download manager.
www.installcore.com
83% remove it
UpdaterEX  by installCore
This is a potentially unwanted background updater that is installed with a download manager and connects to info.updaterex.com for additional downloads and updates. The software is typically part of a software download bundle from the Install Core mechanism.
80% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-225-201-98.compute-1.amazonaws.com  (54.225.201.98:80)

TCP (HTTP):
Connects to ec2-23-23-137-245.compute-1.amazonaws.com  (23.23.137.245:80)

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (54.231.16.201:80)

TCP (HTTP):
Connects to ec2-54-243-134-193.compute-1.amazonaws.com  (54.243.134.193:80)

TCP (HTTP):
Connects to ec2-54-197-227-159.compute-1.amazonaws.com  (54.197.227.159:80)

TCP (HTTP):
Connects to bits-lb.ulsfo.wikimedia.org  (198.35.26.106:80)

TCP (HTTP):
Connects to bits-lb.esams.wikimedia.org  (91.198.174.202:80)

TCP (HTTP):
Connects to bits-lb.eqiad.wikimedia.org  (208.80.154.234:80)
