cvs_mystartsearch.exe

3493_cvs_mystartsearch

Shulan Hou

The application cvs_mystartsearch.exe by Shulan Hou has been detected as adware by 17 anti-malware scanners. It is also typically executed from the user's temporary directory.

Publisher:
BaiSix (signed by Shulan Hou)

Product:
3493_cvs_mystartsearch

Description:
BaiSix

Version:
6.3.7602.2124

MD5:
1ccfb04a87a5d4a5b00c34c49c1e9e09

SHA-1:
50d89b3345ae62fd48364f8649964cca31153db2

SHA-256:
06eaec65c5afac00befcb2e348d03f2103f36c7e0131067ee9d9a5661c7f6b73

Scanner detections:
17 / 68

Status:
Adware

Analysis date:
11/25/2024 9:41:37 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Generic.1261596 | 554 |
| Agnitum Outpost | PUA.Downloader | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.LuckySearches | 2015.04.30 |
| Baidu Antivirus | PUA.Win32.LiMo | 4.0.3.1551 |
| Bitdefender | Application.Generic.1261596 | 1.0.20.1060 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Emsisoft Anti-Malware | Application.Generic.1261596 | 8.15.07.31.11 |
| ESET NOD32 | Win32/LiMo.C potentially unwanted (variant) | 9.11560 |
| F-Secure | Application.Generic.1261596 | 11.2015-31-07_6 |
| G Data | Win32.Application.Limo | 15.5.25 |
| herdProtect (fuzzy) | | 2015.7.31.11 |
| K7 AntiVirus | Adware | 13.203.15784 |
| MicroWorld eScan | Application.Generic.1261596 | 16.0.0.636 |
| NANO AntiVirus | Riskware.Win32.Mutabaha.dqesbj | 0.30.24.1357 |
| Reason Heuristics | Threat.Ma Lin.ShulanHou | 15.5.1.16 |
| Sophos | PUA 'Elex' (of type Adware) | 5.13 |
| Zillya! Antivirus | Downloader.Adload.Win32.19234 | 2.0.0.2164 |

File size:
705.6 KB (722,528 bytes)

Product version:
6.3.7602.2124

Copyright:
BaiSix.com

Original file name:
BaiSix.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\exe\687048707ffa4f156bbd39d6fe97ece9\cvs_mystartsearch.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
12/24/2014 1:00:00 AM

Valid to:
1/6/2016 1:00:00 PM

Subject:
CN=Shulan Hou, O=Shulan Hou, L=Dingzhou, S=Hebei, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0F2577198BBF58AC5F13AC0B95180508

File PE Metadata
Compilation timestamp:
4/2/2015 12:22:54 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:27b5VIL4YwyVFJL9qVTvkqcDzcvEghPcTOCa5NqO/cNC5gUCZuTdp435:2v7epqt8qcDovfRcnO/cfZuT3435

Entry address:
0x3DFE3

Entry point:
E8, 20, CA, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, 3C, F5, 30, DB, 49, 00, 00, 75, 13, 56, E8, 71, 00, 00, 00, 59, 85, C0, 75, 08, 6A, 11, E8, 01, 4C, 00, 00, 59, FF, 34, F5, 30, DB, 49, 00, FF, 15, B0, F1, 47, 00, 5E, 5D, C3, 56, 57, BE, 30, DB, 49, 00, 8B, FE, 53, 8B, 1F, 85, DB, 74, 17, 83, 7F, 04, 01, 74, 11, 53, FF, 15, B8, F1, 47, 00, 53, E8, CF, A8, FF, FF, 83, 27, 00, 59, 83, C7, 08, 81, FF, 50, DC, 49, 00, 7C, D8, 5B, 83, 3E, 00, 74, 0E, 83, 7E, 04, 01, 75, 08, FF, 36, FF, 15...
 

Code size:
501 KB (513,024 bytes)
