file_163623.exe

Search Safer Inc.

The application file_163623.exe by Search Safer has been detected as adware by 3 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from d2kfsynn8a76li.cloudfront.net.
Publisher:
Search Safer Inc.  (signed and verified)

MD5:
06e23e85b7a997ceafd2bfc7d7929fd0

SHA-1:
f12e2512e31a2ff6980c35434f3a4d2e7f8ea565

SHA-256:
965efe6b753b5a5c95fe7e0fc718586248d4cd49c89b3663eec5045481b13cd6

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
11/24/2024 7:19:40 AM UTC  (today)

Scan engine        Detection              Engine version
AVG                Win32/DH               2015.0.3492
Dr.Web             Adware.Downware.3008   9.0.1.0117
Reason Heuristics  PUP.SearchSafer.L      14.8.8.0

File size:
1.3 MB (1,389,016 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\file_163623.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
4/17/2014 7:00:00 PM

Valid to:
2/10/2016 6:00:00 AM

Subject:
CN=Search Safer Inc., O=Search Safer Inc., L=San Francisco, S=California, C=US, PostalCode=94107, STREET=665 3rd st, STREET=suite 150, SERIALNUMBER=5189473, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization

Issuer:
CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0A4669F7321BBB3215A68123F91E80BD

File PE Metadata
Compilation timestamp:
2/24/2012 1:20:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:2E0rvJDkHmCy3VQs9MtLjTgfa3kon9FaOdEz6uofK5PF9qxa:29Dqs9ocS3qOIofK5PFYxa

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00...
 

Entropy:
6.5760

Packer / compiler:
Nullsoft install system v2.x

Code size:
29 KB (29,696 bytes)

The file file_163623.exe has been seen being distributed by the following URL.
