dsrsetup.exe

PayByAds ltd.

The application dsrsetup.exe by PayByAds ltd. has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software. It is also the uninstaller utility registered in the Windows Control Panel for the program Yahoo! Search by Pay-By-Ads.
Publisher:
Pay By Ads LTD  (signed by PayByAds ltd.)

Version:
1.3.0.0

MD5:
adc99a072bfc23aa7a5a7a35d3d8045e

SHA-1:
4880137284154827fd92db911d49455eb2f713ef

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/23/2024 4:35:17 AM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.Montiera.PayByAds.Installer (M) | 16.7.2.10

File size:
423.9 KB (434,024 bytes)

Copyright:
All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Application data\pay-by-ads\yahoo! search\1.3.15.4\dsrsetup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/28/2014 1:00:00 AM

Valid to:
7/29/2015 12:59:59 AM

Subject:
CN=PayByAds ltd., O=PayByAds ltd., STREET="Herbert Samuel, 46", L=Tel Aviv, S=Israel, PostalCode=6330303, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00CA9E6FD9AC89FBB9BC192CA9530A98F5

File PE Metadata
Compilation timestamp:
10/23/2014 9:10:19 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:3fQn63JArVuvl/BWAeJ6u0Ibg7gawAf7PJDsx:FHQd0u0IU8aPhsx

Entry address:
0x337E0

Entry point:
E8, 15, 81, 00, 00, E9, 89, FE, FF, FF, B8, 3F, C4, 43, 00, A3, A0, F3, 45, 00, C7, 05, A4, F3, 45, 00, 35, BB, 43, 00, C7, 05, A8, F3, 45, 00, E9, BA, 43, 00, C7, 05, AC, F3, 45, 00, 22, BB, 43, 00, C7, 05, B0, F3, 45, 00, 8B, BA, 43, 00, A3, B4, F3, 45, 00, C7, 05, B8, F3, 45, 00, B7, C3, 43, 00, C7, 05, BC, F3, 45, 00, A7, BA, 43, 00, C7, 05, C0, F3, 45, 00, 09, BA, 43, 00, C7, 05, C4, F3, 45, 00, 95, B9, 43, 00, C3, 8B, FF, 55, 8B, EC, E8, 96, FF, FF, FF, 83, 7D, 08, 00, 74, 05, E8, 03, 8C, 00, 00, DB...
 

Code size:
294 KB (301,056 bytes)

Program Uninstaller
Program name:
Yahoo! Search

Display publisher:
Pay-By-Ads

Uninstall string:
"C:\Documents and Settings\user\Application Data\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrsetup.exe" /uninstl

