» appsteinsetup.exe
Overview
Analysis
File Details
Programs (1)

appsteinsetup.exe

Montiera Technologies LTD

It is part of the Montiera web browser toolbar monetization platform which injects browser search and advertising within the user's web browser. The application appsteinsetup.exe by Montiera Technologies has been detected as a potentially unwanted program by 11 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This file is typically installed with the program Appstein by Yontoo Technology, Inc. which is a potentially unwanted software program.

File name:

appsteinsetup.exe

Publisher:

Montiera Technologies LTD (signed and verified)

MD5:

58a98b0c5b5c01ec6c71b80a908e32a7

SHA-1:

c2bded5e4e0fcbc0c0b62a1ce34f5495703ccece

SHA-256:

56567435a8ecbe871f25cbde93d904b3fc492c7bcdb475c79ee4e0ee58f3803c

Scanner detections:

11 / 68

Status:

Potentially unwanted

Analysis date:

11/23/2024 8:01:08 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.Downloader

7.1.1

AVG

Montiera

2016.0.3204

Baidu Antivirus

Hacktool.Win32.Montiera

4.0.3.1529

Dr.Web

Trojan.DownLoader11.22262

9.0.1.040

IKARUS anti.virus

not-a-virus:Downloader.Montiera

t3scan.1.7.5.0

Kaspersky

not-a-virus:Downloader.Win32.Montiera

14.0.0.2513

NANO AntiVirus

Trojan.Win32.DownLoader11.dcoupy

0.28.2.61861

Qihoo 360 Security

Win32/Virus.Downloader.250

1.0.0.1015

Reason Heuristics

PUP.Installer.Montiera

15.2.9.11

Vba32 AntiVirus

Downloader.Montiera

3.12.26.3

VIPRE Antivirus

Montiera

32698

File size:

833.9 KB (853,896 bytes)

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\appstein\appsteinsetup.exe

Digital Signature

Signed by:

Montiera Technologies LTD

Authority:

COMODO CA Limited

Valid from:

7/22/2014 8:00:00 PM

Valid to:

7/23/2015 7:59:59 PM

Subject:

CN=Montiera Technologies LTD, O=Montiera Technologies LTD, STREET=Harbert Samuel 46, L=Tel Aviv, S=Gush Dan, PostalCode=6330303, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00CCD3CD85F8C32F5C3FF9264E1A57C07D

File PE Metadata

Compilation timestamp:

7/25/2014 9:34:25 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:RrdVSGEnO5KfJcUSLDnL2PaKhEbOAt+1t8jJSBds70lG:RrdVSGE+gJ9Sz2iK2bOAIPtX9

Entry address:

0x12B48

Entry point:

E8, 73, 6A, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 10, B3, 42, 00, 00, 74, 05, E9, CF, 6A, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83... 
[+]

Entropy:

7.8271 (probably packed)

Code size:

121.5 KB (124,416 bytes)

The file appsteinsetup.exe has been discovered within the following program.

Appstein by Yontoo Technology, Inc.

Appstein is an Internet toolbar/plugin (for Internet Explorer it runs as a BHO, in Chrome and Firefox it will run as an extension) that plugs into the user's default web browser and will modify a number of settings such as taking control of the browser's search and home pages, new tab functionality as well as DNS 'not found' redirection.

appstein.info/support

82% remove it

Remove appsteinsetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.