WebUpdater.exe

WebUpdater

The application WebUpdater.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address fd-12-do-e-ny-3.webupdater.co on port 80 using the HTTP protocol.
Product:
WebUpdater

Version:
1.0.41.0

MD5:
e989829b1b3ebe050150174590ca8b1d

SHA-1:
74e862d6f995eab16a950b003534f1e71cacccd7

SHA-256:
2826219e40077300e3382500ec534b6062e05a5504a31ddb1eb6834c93f90f15

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 12:24:53 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.WebBar (M)

Engine version:
16.10.1.17

File size:
20.8 MB (21,822,464 bytes)

Product version:
1.0.41.0

Copyright:
Copyright © 2015

Original file name:
WebUpdater.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\webupdater\1.0.41.0\webupdater.exe

File PE Metadata
Compilation timestamp:
9/28/2016 5:02:47 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:vyM+mKqTQUnaNP7TNhF8q1YVLbfvyBJ2aoDRmEhL1Vo:vGTNhF8q12mEhL1Vo

Entry address:
0x14CA19E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 60, 00...
Entropy:
3.2829

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
20.8 MB (21,791,232 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to fd-12-do-e-ny-3.webupdater.co  (104.236.87.70:80)

TCP (HTTP):
Connects to 32-125-232-198.static.unitasglobal.net  (198.232.125.32:80)

TCP (HTTP SSL):
Connects to ec2-54-215-161-165.us-west-1.compute.amazonaws.com  (54.215.161.165:443)

TCP (HTTP SSL):
Connects to ec2-52-52-87-56.us-west-1.compute.amazonaws.com  (52.52.87.56:443)
