dae_do-search.exe

5032_dae_do-search

Minidigital Technology Co., Limited

The application dae_do-search.exe by Minidigital Technology Co., Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from d2drfrdurj6mvo.cloudfront.net.
Publisher:
Minidigital Technology Co., Limited  (signed and verified)

Product:
5032_dae_do-search

Description:
IWill-Mod

Version:
1.0.0.3

MD5:
724fc831fd03c84bc7448506520ef84a

SHA-1:
967ae06fe0eac5666e8043a0f2dbba5799164499

SHA-256:
ea0784e344655774d20450a92ab3caae2eeab50d23c13b48c352fb52838b4b7b

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/25/2024 8:52:50 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.ELEX.MinidigitalTechnologyCo (M)
15.11.10.10

File size:
760.7 KB (778,928 bytes)

Product version:
1.0.0.3

Copyright:
Copyright (C) IWill-Mod System Link 1998

Original file name:
IWill-Mod.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\dae_do-search.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
11/3/2015 8:01:24 AM

Valid to:
6/21/2016 11:55:40 AM

Subject:
CN="Minidigital Technology Co., Limited", O="Minidigital Technology Co., Limited", L=Hong Kong, S=Hong Kong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11210AD87C147E01825EDB75CB44B7005724

File PE Metadata
Compilation timestamp:
11/4/2015 3:15:27 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:mwwnV0OanQvvv2xXi2aWpfKjBP5WJAUuOpCjPBZ0ddOncRSUx5GpXerrrrbf:pmq2KuOpCjZZ0ddOncn5GJKf

Entry address:
0x36C37

Entry point:
E8, 77, AF, 00, 00, E9, 39, FE, FF, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 85, FF, 74, 13, 8B, 4D, 0C, 85, C9, 74, 0C, 8B, 55, 10, 85, D2, 75, 1A, 33, C0, 66, 89, 07, E8, 04, 29, 00, 00, 6A, 16, 5E, 89, 30, E8, 6B, 2E, 00, 00, 8B, C6, 5F, 5E, 5D, C3, 8B, F7, 66, 83, 3E, 00, 74, 06, 83, C6, 02, 49, 75, F4, 85, C9, 74, D4, 2B, F2, 0F, B7, 02, 66, 89, 04, 16, 8D, 52, 02, 66, 85, C0, 74, 03, 49, 75, EE, 33, C0, 85, C9, 75, D0, 66, 89, 07, E8, C0, 28, 00, 00, 6A, 22, EB, BA, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 74...
 
[+]

Code size:
378.5 KB (387,584 bytes)

The file dae_do-search.exe has been seen being distributed by the following URL.

Remove dae_do-search.exe - Powered by Reason Core Security