Should I block it?
Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization
updatedivapton.exe
By DiVapton (Signed)
Version: | 1.0.5021.21099 |
MD5: | e721cb2c9dfd68525f4e36da47b08059 |
SHA1: | 9d3f941f0fbaac0673ae44d267c92b99ea2ebb95 |
SHA256: | a6bc87dc9f17362442bc769fdb2b689579482279c83c165a020e1f8d588bbb64 |
Warning: 3 antivirus scanners have detected malware.
Overview
updatedivapton.exe is malware that runs as a service under the name Update DiVapton with extensive SYSTEM privileges (full administrator access). It is typically installed with the program DiVapton 1.0.0, published by Yontoo Technology, Inc., and is most likely removed by users once installed (76% removed). The assembly uses the .NET run-time framework, which must be installed on the PC. The file is digitally signed by DiVapton with a certificate issued by the VeriSign certificate authority (CA).
Details
File name: | updatedivapton.exe |
Publisher: | DiVapton |
Description: | DiVapton |
Typical file path: | C:\Program Files\divapton\updatedivapton.exe |
Original name: | DiVapton.exe |
File version: | 1.0.5021.21099 |
Size: | 63.77 KB (65,304 bytes) |
Build date: | 9/30/2013 3:43 PM |
Certificate |
Issued to: | DiVapton |
Authority (CA): | VeriSign |
Digital DNA |
PE subsystem: | Windows Console |
File packed: | No |
Code language: | Microsoft Visual C# / Basic .NET |
.NET CLR: | Yes |
.NET NGENed: | No |
Programs
The following program will install this file
This toolbar/web browser extension is ad/search-supported and is typically installed as an optional offer; users generally receive it bundled with 3rd party software. During setup, the toolbar changes the home page and new tab pages to an affiliate search portal that uses a primary search engine, in order to collect shared search revenue.
The software is digitally signed by DiVapton.
Behaviors
Service
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
Malware detections
Based on 40+ industry antivirus scanners, 3 of them detected the following malware.
Antivirus engine | Engine version | Detection |
AhnLab V3 Internet Security | 2013.11.13 | Adware/Win32.Downloader |
ESET NOD32 | 7.9040 | a variant of Win32/BrowseFox.G |
Malwarebytes | 1.75.0.1 | PUP.Optional.DiVapton.A |
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
CPU |
Total CPU: | 0.00155368% |
Kernel CPU: | 0.00077824% |
User CPU: | 0.00077544% |
Kernel CPU time: | 2,166,449 ms/min |
Memory |
Private memory: | 22.04 MB |
Private (maximum): | 18.29 MB |
Private (minimum): | 4.96 MB |
Non-paged memory: | 22.04 MB |
Virtual memory: | 158.59 MB |
Virtual memory (peak): | 169.2 MB |
Working set: | 9.66 MB |
Working set (peak): | 20.94 MB |
Resource allocations |
Threads: | 12 |
Handles: | 457 |
Process properties
Integrity level: | System |
Platform: | 32-bit |
Command lines: |
- "C:\Program Files\divapton\updatedivapton.exe"
- "C:\Program Files\divapton\bin\utildivapton.exe"
- C:\Windows\System32\wbem\wmiapsrv.exe
Owner: | SYSTEM |
Windows Service |
Service name: | Update DiVapton |
Type: | Win32OwnProcess |
Parent process: | services.exe (Services and Controller app by Microsoft) |
Distribution by Windows OS
OS version | Distribution |
Windows 7 Professional | 80.00% |
Windows 7 Home Premium | 20.00% |
Distribution by country
The Czech Republic accounts for about 80.00% of updatedivapton.exe installs.
Distribution by PC manufacturer
PC manufacturer | Distribution |
Lenovo | 80.00% |
Sony | 20.00% |