» wupdater.exe
Overview
Analysis
File Details
Downloads (1)

wupdater.exe

White Sea Media

The application wupdater.exe by White Sea Media has been detected as adware by 29 anti-malware scanners. This is a setup program which is used to install the application. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from shoppingsuggestion.com.

File name:

wupdater.exe

Publisher:

White Sea Media (signed and verified)

MD5:

97fde2519f0c72d8703c9b4b44f5a538

SHA-1:

1f7c0a2af6547b8b5b632b45f0a7cd49f808c079

SHA-256:

6748865ec5e569b1a13be7bba11f9e990a3a4673ade4e3d0687efc7c0f31913f

Scanner detections:

29 / 68

Status:

Adware

Explanation:

The program will mine for BitCoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date:

11/5/2024 11:42:19 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Zusy.79275

736

AhnLab V3 Security

Unwanted/Win32.BitCoinMiner

2014.02.03

Avira AntiVirus

TR/Zusy.79275.3

7.11.128.158

avast!

Win32:BitCoinMiner-FE [Trj]

2014.9-140113

AVG

MalSign.Generic

2016.0.3214

Bitdefender

Gen:Variant.Zusy.79275

1.0.20.145

Comodo Security

UnclassifiedMalware

17718

Dr.Web

DLOADER.Trojan

9.0.1.013

Emsisoft Anti-Malware

Gen:Variant.Zusy.79275

8.15.01.29.11

ESET NOD32

Win32/CoinMiner.JO (variant)

9.9371

Fortinet FortiGate

W32/Agent.ADURO!tr

1/29/2015

F-Secure

Gen:Variant.Zusy.79275

11.2015-29-01_5

G Data

Gen:Variant.Zusy.79275

15.1.24

IKARUS anti.virus

Trojan.Win32.Agent

t3scan.2.2.29

K7 AntiVirus

Trojan

13.175.11028

Kaspersky

Trojan.Win32.Agent

14.0.0.4473

Malwarebytes

PUP.BitCoinMiner

v2015.01.29.11

McAfee

Artemis!97FDE2519F0C

5600.7252

MicroWorld eScan

Gen:Variant.Zusy.79275

16.0.0.87

Norman

Agent.BAEUI

11.20150129

Panda Antivirus

Generic Malware

15.01.29.11

Qihoo 360 Security

Win32/Trojan.380

1.0.0.1015

Reason Heuristics

PUP.WhiteSeaMedia.I

14.8.7.21

Sophos

Mal/Generic-S

4.97

SUPERAntiSpyware

Trojan.Agent/Gen-CoinMiner

10085

Trend Micro House Call

TROJ_GEN.R0CCC0UAV14

7.2.29

Trend Micro

TROJ_GEN.R0CCC0UAV14

10.465.29

Vba32 AntiVirus

Trojan.Agent.aduro

3.12.24.3

VIPRE Antivirus

Trojan.Win32.Generic

26060

File size:

63.2 KB (64,736 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\wupdater.exe

Digital Signature

Signed by:

White Sea Media

Authority:

COMODO CA Limited

Valid from:

7/8/2013 6:00:00 AM

Valid to:

7/9/2014 5:59:59 AM

Subject:

CN=White Sea Media, O=White Sea Media, STREET=4142 Mariner Blvd, L=Spring Hill, S=FL, PostalCode=34609, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

1FB235ACA7565BA27ADC702B2BD05C7F

File PE Metadata

Compilation timestamp:

1/12/2014 9:53:33 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

768:/BIVBmj0C1S8QlFk+o35ZGdhB2zos4IfsFx32Pc3EDkAnTH3MpUj8ueev8nKgKm:0ch1SZeD5ZckoKsrmPc6jMFy0nMm

Entry address:

0x3397

Entry point:

E8, CF, 2E, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 68, A0, A7, 40, 00, FF, 15, E0, A0, 40, 00, 85, C0, 74, 15, 68, 90, A7, 40, 00, 50, FF, 15, B4, A0, 40, 00, 85, C0, 74, 05, FF, 75, 08, FF, D0, 5D, C3, 8B, FF, 55, 8B, EC, FF, 75, 08, E8, C8, FF, FF, FF, 59, FF, 75, 08, FF, 15, E4, A0, 40, 00, CC, 6A, 08, E8, 95, 30, 00, 00, 59, C3, 6A, 08, E8, B3, 2F, 00, 00, 59, C3, 8B, FF, 56, E8, F9, 29, 00, 00, 8B, F0, 56, E8, 3D, 05, 00, 00, 56, E8, 8B, 14, 00, 00, 56, E8, B5, 32, 00, 00, 56, E8, A0, 32, 00... 
[+]

Code size:

33.5 KB (34,304 bytes)

The file wupdater.exe has been seen being distributed by the following URL.

http://shoppingsuggestion.com/.../update7.exe

Remove wupdater.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.