updatetask.exe

This file is part of various InstallCore adware bundles. It is designed to run daily and maintain the current state of the installed product(s) offered (mostly unwanted adware) by connecting to a remote server for configuration instructions. The application updatetask.exe has been detected as adware by 13 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time. This file is typically installed with the program Extended Update by installCore, which is a potentially unwanted software program.
MD5:
e2546b5b06138ec3df9a5d1ae67e871d

SHA-1:
cff687538f9fc0da4b2ae4bfd51e38ed0ba5dcb1

SHA-256:
35b06daa9e0b4657315e65dc998682c62b54fb1c3477691960826b60df307445

Scanner detections:
13 / 68

Status:
Adware

Explanation:
The update task for the InstallCore download manager.

Analysis date:
12/25/2024 1:29:41 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Adware.Graftor.167016 | 763
AVG | Generic_s | 2016.0.3241
Baidu Antivirus | Adware.Win32.DealPly | 4.0.3.1513
Bitdefender | Gen:Variant.Adware.Graftor.167016 | 1.0.20.15
Emsisoft Anti-Malware | Gen:Variant.Adware.Graftor.167016 | 8.15.01.03.10
ESET NOD32 | Win32/DealPly (variant) | 9.10958
F-Secure | Gen:Variant.Adware.Graftor.167016 | 11.2015-03-01_7
G Data | Gen:Variant.Adware.Graftor.167016 | 15.1.24
Kaspersky | not-a-virus:AdWare.Win32.DealPly | 14.0.0.2698
McAfee | RDN/Generic PUP.x!crf | 5600.6897
MicroWorld eScan | Gen:Variant.Adware.Graftor.167016 | 16.0.0.9
Qihoo 360 Security | HEUR/QVM05.1.Malware.Gen | 1.0.0.1015
Reason Heuristics | PUP.UpdateProc.Task.K | 15.1.3.10

File size:
124.5 KB (127,488 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\digitalsites\updateproc\updatetask.exe

File PE Metadata
Compilation timestamp:
6/19/1992 4:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3072:BzgK3csKqO/JkfddOL39L+/5dquUId9IFd38d/yU8XHtC:BwsbOxkfOL3V+/5Vf92d38dKU8Xc

Entry address:
0x199C8

Entry point:
55, 8B, EC, 83, C4, F0, B8, 70, 99, 41, 00, E8, 08, B5, FE, FF, E8, 97, 8D, FE, FF, 85, C0, 7E, 25, 6A, 00, 68, 74, 98, 41, 00, 68, A8, 98, 41, 00, 68, DC, 98, 41, 00, B9, 14, 9A, 41, 00, BA, 44, 9A, 41, 00, B8, 44, 9A, 41, 00, E8, DE, 56, FF, FF, E8, B5, A0, FE, FF, 00, FF, FF, FF, FF, 25, 00, 00, 00, 62, 65, 64, 6D, 6A, 2D, 30, 2C, 64, 2D, 31, 2C, 2F, 49, 52, 67, 75, 68, 51, 2D, 31, 2C, 6E, 69, 74, 6D, 75, 2D, 33, 2C, 2F, 6D, 6E, 60, 2E, 5C, 4C, 00, 00, 00, FF, FF, FF, FF, 17, 00, 00, 00, 4E, 62, 6E, 68...
 

Entropy:
6.5525

Developed / compiled with:
Microsoft Visual C++

Code size:
99 KB (101,376 bytes)

Scheduled Task
Task name:
Digital Sites

Trigger:
Daily (Runs daily at 9:29 AM)


The file updatetask.exe has been discovered within the following program.

Extended Update by installCore
Publisher's description - “Some of the advertisements you see in the installer are delivered by third parties who collect information through cookies, ip address, web beacons, and other technologies about your online activities, in order to understand your interests and deliver advertisements that are tailored to your interests.”
www.installcore.com
86% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to text-lb.esams.wikimedia.org  (91.198.174.192:443)

TCP (HTTP):
Connects to ec2-50-19-243-189.compute-1.amazonaws.com  (50.19.243.189:80)

TCP (HTTP):
Connects to ec2-23-23-137-245.compute-1.amazonaws.com  (23.23.137.245:80)

TCP (HTTP):
Connects to ec2-174-129-243-9.compute-1.amazonaws.com  (174.129.243.9:80)

TCP (HTTP):
Connects to ec2-107-21-230-190.compute-1.amazonaws.com  (107.21.230.190:80)

TCP (HTTP):
Connects to bits-lb.eqiad.wikimedia.org  (208.80.154.234:80)

TCP (HTTP):
Connects to 193-124-232-198.static.unitasglobal.net  (198.232.124.193:80)
