dsrsetup.exe

PayByAds ltd.

The application dsrsetup.exe by PayByAds ltd has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a setup and installation application that has been known to bundle potentially unwanted software, and it is the uninstaller utility registered in the Windows Control Panel for the program Yahoo! Search by Pay-By-Ads. The file is typically installed with Yahoo! Search by Pay-by-Ads Ltd, which is a potentially unwanted software program.

Publisher:
Pay By Ads LTD  (signed by PayByAds ltd.)

Version:
1.3.0.0

MD5:
7bba585e4547f919f732810025a53bee

SHA-1:
b311a0b46784eb05c78e63ef8344f8bd4e03ca78

SHA-256:
9bf88fdae7853209641d83d4352092b70dd1e07295d26e43f22dc67860cfb298

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/23/2024 4:06:07 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Montiera.PayByAds.Installer (M)

Engine version:
16.6.17.8

File size:
423.9 KB (434,024 bytes)

Copyright:
All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\pay-by-ads\yahoo! search\1.3.15.4\dsrsetup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/28/2014 7:00:00 AM

Valid to:
7/29/2015 6:59:59 AM

Subject:
CN=PayByAds ltd., O=PayByAds ltd., STREET="Herbert Samuel, 46", L=Tel Aviv, S=Israel, PostalCode=6330303, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00CA9E6FD9AC89FBB9BC192CA9530A98F5

File PE Metadata
Compilation timestamp:
10/23/2014 3:10:19 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:EfQn63JArVuvl/BWAeJ6u0Ibg7gawAf7PJDsx:oHQd0u0IU8aPhsx

Entry address:
0x337E0

Entry point:
E8, 15, 81, 00, 00, E9, 89, FE, FF, FF, B8, 3F, C4, 43, 00, A3, A0, F3, 45, 00, C7, 05, A4, F3, 45, 00, 35, BB, 43, 00, C7, 05, A8, F3, 45, 00, E9, BA, 43, 00, C7, 05, AC, F3, 45, 00, 22, BB, 43, 00, C7, 05, B0, F3, 45, 00, 8B, BA, 43, 00, A3, B4, F3, 45, 00, C7, 05, B8, F3, 45, 00, B7, C3, 43, 00, C7, 05, BC, F3, 45, 00, A7, BA, 43, 00, C7, 05, C0, F3, 45, 00, 09, BA, 43, 00, C7, 05, C4, F3, 45, 00, 95, B9, 43, 00, C3, 8B, FF, 55, 8B, EC, E8, 96, FF, FF, FF, 83, 7D, 08, 00, 74, 05, E8, 03, 8C, 00, 00, DB...

Code size:
294 KB (301,056 bytes)

Program Uninstaller
Program name:
Yahoo! Search

Display publisher:
Pay-By-Ads

Uninstall string:
"C:\users\{user}\appdata\local\pay-by-ads\yahoo! search\1.3.15.4\dsrsetup.exe" \uninstl


The file dsrsetup.exe has been discovered within the following program.

Yahoo! Search by Pay-by-Ads Ltd
This is NOT associated with Yahoo. Pay-By-Ads' Yahoo! Search is an adware web browser application that displays banner ads as well as contextual link ads that are injected into the web page.
66% remove it