dl159.exe

Search Results, LLC

The application dl159.exe by Search Results has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Search Results, LLC  (signed and verified)

MD5:
80dbc0a3aeea9c44eac021b50e45a0f1

SHA-1:
16fa60f4e1f19289460cfe1aa2893ef12453cc59

SHA-256:
f7baa64e47af83a91d83caf077086780ffea9837059ad21d17e79105c39b3621

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/27/2024 2:48:02 AM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP (M) | 16.9.6.16

File size:
753.6 KB (771,672 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\defaulttab\defaulttab\dl159.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
5/2/2014 3:00:00 AM

Valid to:
5/2/2017 2:59:59 AM

Subject:
CN="Search Results, LLC", O="Search Results, LLC", STREET="2751 Hennepin Ave S #252", L=Minneapolis, S=MN, PostalCode=55405, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
64CA9F4A3D9A5E89553273D5E484CBE9

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:4yzBCBbJJf/dcFLJ2NQrpEDyFhlZixxXc67Pcl3cIVTYQ1Uh0:3BmreLJBKDsriMoPcls4EUg0

Entry address:
0x6A27C

Entry point:
55, 8B, EC, 83, C4, F0, B8, 04, A0, 46, 00, E8, 14, C8, F9, FF, 33, C0, 55, 68, 10, A3, 46, 00, 64, FF, 30, 64, 89, 20, B8, 24, A3, 46, 00, E8, A4, ED, F9, FF, A2, D0, EE, 46, 00, B8, 38, A3, 46, 00, E8, E1, DB, FF, FF, B8, D8, EE, 46, 00, BA, 50, A3, 46, 00, E8, 96, A5, F9, FF, B8, D4, EE, 46, 00, BA, 60, A3, 46, 00, E8, 87, A5, F9, FF, A1, D4, EE, 46, 00, E8, D9, DE, FF, FF, E8, 88, E2, FF, FF, 84, C0, 74, 0F, E8, 8B, E8, FF, FF, E8, D6, E6, FF, FF, E8, 81, EA, FF, FF, E8, B4, F7, FF, FF, E8, 63, F0, FF...
 

Entropy:
7.1529

Developed / compiled with:
Microsoft Visual C++

Code size:
421 KB (431,104 bytes)
