Should I block it?
Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization
Additional versions
(Note, Engaging Apps publishes each variation of this file with the same version, but the hashes are unique.)
Relationships
updater21806.exe
Deals Plugin Extension by Engaging Apps (Signed)
| Version: | 1000.1000.1000.1000 |
| MD5: | 67cae5bfa7303c6e4c2447c548afc39a |
| SHA1: | 65a1a52dbe24b125eb7beb7b5e0a4562cbf69159 |
| SHA256: | d4e26d3541685c111a718e32614380b0470fcb0c4a30fdb3376c9e163d1e207d |
Warning 8 antivirus scanners has detected malware.
Overview
updater21806.exe is malware that executes as a process with the local user's privileges. It is set to be run when the PC boots and the user logs into Windows (added to the Run registry key for the current user). The file is digitally signed by Engaging Apps which was issued by the Thawte certificate authority (CA).
Details
| File name: | updater21806.exe |
| Publisher: | Innovative Apps |
| Product name: | Deals Plugin Extension |
| Description: | Deals Plugin Extension exe |
| Typical file path: | C:\Documents and Settings\user\Local\updater21806\updater21806.exe |
| Original name: | Deals Plugin Extension.exe |
| File version: | 1000.1000.1000.1000 |
| Size: | 201.5 KB (206,336 bytes) |
| Build date: | 1/15/2013 11:01 AM |
| Certificate |
| Issued to: | Engaging Apps |
| Authority (CA): | Thawte |
| Digital DNA |
| PE subsystem: | Windows GUI |
| File packed: | No |
| .NET CLR: | No |
More details
Behaviors
Startup files (user) run
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'Updater21806.exe' → C:\Documents and Settings\user\Local\Updater21806\Updater21806.exe /extensionid=21806 /extensionname='Deals Plugin Extension' /chromeid=bbhgoadfgiandmaieopaphefb
Scheduled tasks
- The task 'Updater21806.exe' in the path '\Updater21806.exe'
Malware detections
Based on 40+ industry antivirus scanners, 8 of them detected the following malware.
| Antivirus engine | Engine version | Detection |
| AVG |
13.0.0.3169 |
SmartShopper.G |
| Baidu Antivirus |
3.5.1.41473 |
Trojan.Win32.Agent.peo |
| Dr.Web |
8.13.10.5 |
Adware.Plugin.88 |
| ESET NOD32 |
7.8859 |
a variant of Win32/Toolbar.CrossRider.C |
| McAfee |
5.600.1067 |
Artemis!67CAE5BFA730 |
| McAfee Gateway Anti-Malware |
v2013-dat |
Artemis!67CAE5BFA730 |
| Trend Micro HouseCall |
9.700.0.1001 |
TROJ_GEN.F47V0416 |
| VIPRE Antivirus |
21968 |
GamePlayLabs (fs) |
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00021012% | |
| Kernel CPU: | 0.00016558% | |
| User CPU: | 0.00004454% | |
| Kernel CPU time: | 1,875 ms/min | |
| Memory |
| Private memory: | 1.93 MB | |
| Private (maximum): | 6.25 MB | |
| Private (minimum): | 3.32 MB | |
| Non-paged memory: | 1.93 MB | |
| Virtual memory: | 42.23 MB | |
| Virtual memory (peak): | 45.24 MB | |
| Working set: | 6.25 MB | |
| Working set (peak): | 6.27 MB | |
| Resource allocations |
| Threads: | 2 | |
| Handles: | 167 | |
| GUI GDI count: | 8 | |
| GUI USER count: | 4 | |
Process properties
| Integrety level: | Undefined |
| Platform: | 32-bit |
| Command line: | "C:\Documents and Settings\user\Local\updater21806\updater21806.exe" /extensionid=21806 /extensionname='deals plugin extension' /chromeid=bbhgoadfgiandmaieopaphefbhcdpfaf /stayidle /delay=300 |
| Owner: | User |
| Parent process: | explorer.exe (by Microsoft) |
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Home Premium |
33.33% |
|
| Windows 7 Professional |
33.33% |
|
| Microsoft Windows XP |
33.33% |
|
Distribution by country
Panama installs about 33.33% of Deals Plugin Extension.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Dell |
66.67% |
|
| Samsung |
33.33% |
|
