Should I block it?
Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization
Additional versions
(Note, Hoolapp publishes each variation of this file with the same version, but the hashes are unique.)
Relationships
updatetask.exe
By Hoolapp (Signed)
| MD5: | a6a9c1291b7762dbd95022af71a6dd35 |
| SHA1: | 84fe61acee90134c6bfbd3cecf1fb07bc22c997c |
| SHA256: | 6df80aed2790d062b88ee56e745a7844884fcd39c725f96771a0c526aac7d379 |
Warning 14 antivirus scanners has detected malware.
Overview
updatetask.exe is malware that executes as a process with the local user's privileges. It is installed with a couple of know programs including Update for Zip Opener published by installCore, Update for Codec Pack from installCore and Update for Codec Pack by installCore. The file is digitally signed by Hoolapp which was issued by the COMODO CA Limited certificate authority (CA).
Details
| File name: | updatetask.exe |
| Typical file path: | C:\users\user\appdata\roaming\hoolappforandroid\updateproc\updatetask.exe |
| Size: | 99 KB (101,376 bytes) |
| Certificate |
| Issued to: | Hoolapp |
| Authority (CA): | COMODO CA Limited |
| Digital DNA |
| File packed: | No |
| .NET CLR: | No |
More details
Programs
The following programs will install this file
The software uses the InstallCore Click run software which is an installer that bundles legitimate applications that may also offer additional third party applications that may be unwanted by the user. Such third party applications are typically installed onto users’ computers by default, but also include an option to ‘opt-out’ during or after the installation process. Typical bundled installs include DealPly as well as other potentiall...
Update for Codec Pack uses the InstallCore Click run software which is an installer that bundles legitimate applications that may also offer additional third party applications that may be unwanted by the user. Such third party applications are typically installed onto users’ computers by default, but also include an option to ‘opt-out’ during or after the installation process. Typical bundled installs include DealPly as well as other p...
Update for PDF Writer uses the InstallCore Click run software which is an installer that bundles legitimate applications that may also offer additional third party applications that may be unwanted by the user. Such third party applications are typically installed onto users’ computers by default, but also include an option to ‘opt-out’ during or after the installation process. Typical bundled installs include DealPly as well as other p...
Update for Mipony Download Manager is the update mechanism for the Install Core software which is an installer which bundles legitimate applications with offers for additional third party applications that may be unwanted by the user. Such third party applications are typically installed onto users’ computers by default, but may include an option to ‘opt-out’ during or after the installation process.
Update for Image Editor uses the InstallCore Click run software which is an installer that bundles legitimate applications that may also offer additional third party applications that may be unwanted by the user. Such third party applications are typically installed onto users’ computers by default, but also include an option to ‘opt-out’ during or after the installation process. Typical bundled installs include DealPly as well as other...
Update for Codec Package is the update mechanism for the Install Core software which is an installer which bundles legitimate applications with offers for additional third party applications that may be unwanted by the user. Such third party applications are typically installed onto users’ computers by default, but may include an option to ‘opt-out’ during or after the installation process.
Update for Zip Extractor uses the Install Core download Manager. Install Core Click run software is an installer which bundles applications with offers for additional third party programs that may be unwanted by the user including toolbars and browser extensions. Such third party programs are typically installed onto users’ computers by default, but may include an option to ‘opt-out’ during or after the installation process.
The soft...
Update for PDF Creator uses the InstallCore Click run software which is an installer that bundles legitimate applications that may also offer additional third party applications that may be unwanted by the user. Such third party applications are typically installed onto users’ computers by default, but also include an option to ‘opt-out’ during or after the installation process. Typical bundled installs include DealPly as well as other ...
This uses the InstallCore download Manager. Install Core Click run software is an installer which bundles applications with offers for additional third party programs that may be unwanted by the user incuding toolbars and browser extensions. Such third party programs are typically installed onto users’ computers by default, but may include an option to ‘opt-out’ during or after the installation process.
This is a potentially unwanted background updater that is installed with a download manager and connects to info.updaterex.com for additional downloads and updated. The software is typically part of a software download bundle from the Install Core mechanism.
SaveSense injects price comparison advertisements based on the context of the web page a user is visiting. These advertisements are in the form of popup banner ads.
From the Terms of Service: "SaveSense provides you with its services, which is a shopping comparative service that includes a downloadable browser add-on ("Software"), banners ads, and coupons that provide you with relevant Offers while you shop online, in order to help y...
Behaviors
Scheduled tasks
- The task 'Price Meter Updater' runs daily in the path '\Price Meter Updater'
- The task 'Speedial' runs daily in the path '\Speedial'
- The task 'PriceMeterUpdater' runs daily in the path '\PriceMeterUpdater'
- The task 'DigitalSite' runs daily in the path '\DigitalSite'
- The task 'MetaCrawler' runs daily in the path '\MetaCrawler'
- The task 'UpdaterEX' runs daily in the path '\UpdaterEX'
- The job 'MySearchDial' runs daily in the path '\MySearchDial'
- The task 'DealPly' runs daily in the path '\DealPly'
- The job 'At1' runs weekly in the path 'C:\WINDOWS\Tasks\At1.job'
- The job 'DSite' runs daily in the path '\DSite'
- The task 'Hoolapp For Android' runs daily in the path '\Hoolapp For Android'
- The job 'Funmoods' runs daily in the path '\Funmoods'
- Entry path '\Funmoods'
- Entry path '\Hoolapp For Android'
Network connections
[TCP] ec2-54-214-29-188.us-west-2.compute.amazonaws.com (54.214.29.188:80)
Malware detections
Based on 40+ industry antivirus scanners, 14 of them detected the following malware.
| Antivirus engine | Engine version | Detection |
| AVG |
13.0.0.3169 |
Delf.AMSI |
| Bkav Security |
1.3.0.4562 |
W32.Clod71f.Trojan.7736 |
| Comodo Internet Security |
17314 |
Application.Win32.InstallCore.~AGT |
| Dr.Web |
8.13.11.25 |
Adware.Downware.1573 |
| ESET NOD32 |
7.9082 |
a variant of Win32/DealPly.H |
| Fortinet |
5.1.147.0 |
W32/Agent.AEMZ!tr |
| Ikarus |
T3.1.5.6.0 |
Trojan-Dropper.Delf |
| K7 AntiVirus |
9.174.10272 |
Trojan ( 0048e3631 ) |
| K7GW |
9.174.10272 |
Trojan ( 0048e3631 ) |
| Kingsoft |
2013.4.9.267 |
Win32.Troj.Generic.a.(kcloud) |
| Malwarebytes |
1.75.0.1 |
PUP.Optional.DigitalSites.A |
| Sophos |
4.95.0 |
Troj/Agent-AEMZ |
| Trend Micro HouseCall |
9.700.0.1001 |
TROJ_GEN.R0CBH07K213 |
| VIPRE Antivirus |
23614 |
Trojan.Win32.Generic!BT |
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.01976556% | |
| Kernel CPU: | 0.01041698% | |
| User CPU: | 0.00934857% | |
| Kernel CPU time: | 156 ms/min | |
| CPU cycles: | 1,383,232/sec | |
| Memory |
| Private memory: | 4.57 MB | |
| Private (maximum): | 13.43 MB | |
| Private (minimum): | 976 KB | |
| Non-paged memory: | 4.57 MB | |
| Virtual memory: | 104 MB | |
| Virtual memory (peak): | 117.27 MB | |
| Working set: | 936 KB | |
| Working set (peak): | 13.59 MB | |
| Page faults: | 10,291/min | |
| I/O |
| I/O read transfer: | 15.04 KB/sec | |
| I/O read operations: | 5/sec | |
| I/O other transfer: | 28.66 KB/sec | |
| I/O other operations: | 177/sec | |
| Resource allocations |
| Threads: | 3 | |
| Handles: | 259 | |
| GUI GDI count: | 28 | |
| GUI GDI peak: | 30 | |
| GUI USER count: | 21 | |
| GUI USER peak: | 22 | |
Process properties
Threads
Averages
| updatetask.exe |
| Total CPU: | 0.02753617% | |
| Kernel CPU: | 0.01376808% | |
| User CPU: | 0.01376808% | |
| CPU cycles: | 852,598/sec | |
| Context switches: | 6/sec | |
| Memory: | 120 KB | |
| ntdll.dll |
| Total CPU: | 0.00590733% | |
| Kernel CPU: | 0.00590733% | |
| User CPU: | 0.00000000% | |
| CPU cycles: | 30,970/sec | |
| Memory: | 1.66 MB | |
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Home Premium |
26.76% |
|
| Windows 7 Ultimate |
18.31% |
|
| Microsoft Windows XP |
12.68% |
|
| Windows 8.1 |
8.45% |
|
| Windows 8 |
8.45% |
|
| Windows Vista Home Premium |
5.63% |
|
| Windows 8 Pro |
4.23% |
|
| Windows 7 Professional |
4.23% |
|
| Windows 7 Home Basic |
2.82% |
|
| Windows 8.1 Pro with Media Center |
1.41% |
|
| Windows 8.1 Enterprise |
1.41% |
|
| Windows 8.1 Single Language |
1.41% |
|
| Windows Developer Preview |
1.41% |
|
| Windows 8.1 Single Language Preview |
1.41% |
|
| Windows 8 Pro with Media Center |
1.41% |
|
Distribution by country
United States installs about 30.99% of updatetask.exe.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Dell |
19.78% |
|
| Acer |
17.58% |
|
| Lenovo |
13.19% |
|
| Hewlett-Packard |
13.19% |
|
| ASUS |
10.99% |
|
| Toshiba |
8.79% |
|
| GIGABYTE |
4.40% |
|
| Samsung |
3.30% |
|
| American Megatrends |
3.30% |
|
| MSI |
2.20% |
|
| Sony |
2.20% |
|
| Sahara |
1.10% |
|
