updatetask.exe

This is part of various InstallCore adware bundles and is designed to run daily and maintain the current state of the installed product(s) offered (mostly unwanted adware) by connecting to a remote server for configuration instructions. The application updatetask.exe has been detected as adware by 3 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time. This file is typically installed with the program Extended Update by installCore, which is a potentially unwanted software program.
MD5:
447373c85ed95236dd4ccd412df52beb

SHA-1:
918abd1bfb6f7164fce4d30679e621e0d21ebd2e

SHA-256:
b43968f67363200925c6be93edb814fd3551c8cab503f57208f2e2b4ac0ce944

Scanner detections:
3 / 68

Status:
Adware

Explanation:
The update task for the InstallCore download manager.

Analysis date:
12/25/2024 1:23:46 PM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | Adware.Win32.DealPly | 4.0.3.14113
ESET NOD32 | Win32/DealPly (variant) | 8.10659
Reason Heuristics | PUP.UpdateProc.Task.K | 14.11.3.3

File size:
116.5 KB (119,296 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\digitalsites\updateproc\updatetask.exe

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3072:cTbjbkf0+UfKWsXfO3r2zxau7KnmhgoWw8LGb++++++++++++++++++++++++++2:cnQUSW8+exa5nCH78vx

Entry address:
0x18C84

Entry point:
55, 8B, EC, 83, C4, F0, B8, 2C, 8C, 41, 00, E8, 18, C0, FE, FF, 6A, 00, 68, B4, 89, 41, 00, 68, 00, 8B, 41, 00, 68, 34, 8B, 41, 00, B9, C8, 8C, 41, 00, BA, FC, 8C, 41, 00, B8, 14, 8D, 41, 00, E8, 8F, 54, FF, FF, E8, 02, AE, FE, FF, 00, 00, FF, FF, FF, FF, 2A, 00, 00, 00, 68, 60, 69, 64, 60, 2D, 33, 2C, 69, 75, 2B, 55, 2C, 6C, 2D, 34, 2C, 6E, 2D, 34, 2C, 6D, 2D, 31, 2C, 75, 64, 6C, 79, 64, 2D, 34, 30, 2B, 52, 2C, 64, 64, 65, 2D, 31, 40, 00, 00, FF, FF, FF, FF, 0D, 00, 00, 00, 44, 53, 69, 74, 65, 70, 72, 6F...
 

Entropy:
6.3903

Developed / compiled with:
Microsoft Visual C++

Code size:
95.5 KB (97,792 bytes)

Scheduled Task
Task name:
Digital Sites

Trigger:
Daily (Runs daily at 12:41 AM)

Action:
updatetask.exe \check


The file updatetask.exe has been discovered within the following program.

Extended Update  by installCore
Publisher's description - “Some of the advertisements you see in the installer are delivered by third parties who collect information through cookies, ip address, web beacons, and other technologies about your online activities, in order to understand your interests and deliver advertisements that are tailored to your interests.”
www.installcore.com
86% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-225-201-98.compute-1.amazonaws.com  (54.225.201.98:80)

TCP (HTTP):
Connects to ec2-23-23-137-245.compute-1.amazonaws.com  (23.23.137.245:80)

TCP (HTTP):
Connects to bits-lb.eqiad.wikimedia.org  (208.80.154.234:80)

TCP (HTTP):
Connects to 193-124-232-198.static.unitasglobal.net  (198.232.124.193:80)
