dsrsetup.exe

Keep-My-Search LTD

The application dsrsetup.exe by Keep-My-Search has been detected as adware by 7 anti-malware scanners. It is the uninstaller utility registered in the Windows Control Panel for the program Yahoo! Search by Pay-By-Ads. The file is typically installed together with the program Yahoo! Search by Pay-by-Ads Ltd, which is a potentially unwanted software program, and is typically executed from the user's temporary directory. While running, it connects to the Internet address NY1WV3659 on port 80 using the HTTP protocol.
Publisher:
Keep-My-Search LTD  (signed and verified)

Version:
1.3.0.0

MD5:
c729acfc2dfc3917b589e24053627fb0

SHA-1:
aa9d55df22da706725b832bef62288370e8cd05f

SHA-256:
59b02639e2a0414c988bd196fa6610293b0c3044bb1642206acdd4bcdbc48ab6

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
11/24/2024 2:33:08 PM UTC

Scan engine
Detection
Engine version

Dr.Web
Adware.Toolbar.720
9.0.1.0282

Emsisoft Anti-Malware
Gen:Variant.Adware.Strictor.96362
8.15.10.09.05

ESET NOD32
Win32/Toolbar.Montiera.R potentially unwanted (variant)
9.12365

F-Secure
Gen:Variant.Adware.Strictor
11.2015-09-10_6

Malwarebytes
PUP.Optional.SecurityUtility
v2015.10.09.05

Reason Heuristics
PUP.Montiera.KeepMySearch.Installer (M)
15.9.25.8

VIPRE Antivirus
Trojan.Win32.Generic
44338

File size:
452.8 KB (463,616 bytes)

Copyright:
All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\dsrsetup.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
9/7/2014 5:00:00 PM

Valid to:
11/12/2015 4:00:00 AM

Subject:
CN=Keep-My-Search LTD, O=Keep-My-Search LTD, L=Tel Aviv, C=IL

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
087407E453FFF7E46DB51873975E63CB

File PE Metadata
Compilation timestamp:
9/22/2015 12:55:53 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:/7aj/gXn4hy2drlx9VKXWmR/eivLjYVnvh/p:zaz8Gk/ecjYVp/p

Entry address:
0x3804A

Entry point:
E8, 63, 85, 00, 00, E9, 89, FE, FF, FF, B8, F7, 10, 44, 00, A3, 60, 54, 46, 00, C7, 05, 64, 54, 46, 00, ED, 07, 44, 00, C7, 05, 68, 54, 46, 00, A1, 07, 44, 00, C7, 05, 6C, 54, 46, 00, DA, 07, 44, 00, C7, 05, 70, 54, 46, 00, 43, 07, 44, 00, A3, 74, 54, 46, 00, C7, 05, 78, 54, 46, 00, 6F, 10, 44, 00, C7, 05, 7C, 54, 46, 00, 5F, 07, 44, 00, C7, 05, 80, 54, 46, 00, C1, 06, 44, 00, C7, 05, 84, 54, 46, 00, 4D, 06, 44, 00, C3, 8B, FF, 55, 8B, EC, E8, 96, FF, FF, FF, 83, 7D, 08, 00, 74, 05, E8, 51, 90, 00, 00, DB...

Entropy:
6.3392

Code size:
315 KB (322,560 bytes)

Program Uninstaller
Program name:
Yahoo! Search

Display publisher:
Pay-By-Ads

Uninstall string:
"C:\users\{user}\appdata\local\temp\{random}.tmp\uninstl


The file dsrsetup.exe has been discovered within the following program.

Yahoo! Search  by Pay-by-Ads Ltd
This is NOT associated with Yahoo. Pay-By-Ads' Yahoo! Search is an adware web browser application that displays banner ads as well as contextual link ads that are injected in the web page.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to NY1WV3438  (204.145.82.24:80)

TCP (HTTP):
Connects to NY1WV3561  (204.145.82.26:80)

TCP (HTTP):
Connects to ny1wv3280.xglobe.net  (204.145.82.20:80)

TCP (HTTP):
Connects to c4.3e.559e.ip4.static.sl-reverse.com  (158.85.62.196:80)

TCP (HTTP):
Connects to server-54-192-14-26.ams1.r.cloudfront.net  (54.192.14.26:80)

TCP (HTTP):
Connects to server-54-192-14-223.ams1.r.cloudfront.net  (54.192.14.223:80)

TCP (HTTP):
Connects to server-52-85-63-205.lhr50.r.cloudfront.net  (52.85.63.205:80)

TCP (HTTP):
Connects to server-52-85-63-154.lhr50.r.cloudfront.net  (52.85.63.154:80)

TCP (HTTP):
Connects to server-52-85-63-149.lhr50.r.cloudfront.net  (52.85.63.149:80)

TCP (HTTP):
Connects to s3-1.amazonaws.com  (52.216.32.43:80)

TCP (HTTP SSL):
Connects to ec2-52-1-139-99.compute-1.amazonaws.com  (52.1.139.99:443)

TCP (HTTP SSL):
Connects to ec2-34-196-191-121.compute-1.amazonaws.com  (34.196.191.121:443)

TCP (HTTP):
Connects to NY1WV3659  (204.145.82.27:80)

TCP (HTTP):
Connects to 131.subnet180-250-66.speedy.telkom.net.id  (180.250.66.131:80)
