llys_mystartsearch.exe

4868_tugss_mystartsearch

Minidigital Technology Co., Limited

The application llys_mystartsearch.exe by Minidigital Technology Co., Limited has been detected as adware by 9 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from d2drfrdurj6mvo.cloudfront.net.
Publisher:
Minidigital Technology Co., Limited  (signed and verified)

Product:
4868_tugss_mystartsearch

Description:
Installer Module

Version:
1, 0, 0, 1

MD5:
ef325d3ea9f83faf947dc50ee103f13d

SHA-1:
49a1a898e4e8bb212a7461d44bbf441741f5350f

SHA-256:
4ed39187710c8fbba3f42a090c9477f6eb60ad05d13ef23e589a048a5e307262

Scanner detections:
9 / 68

Status:
Adware

Analysis date:
12/24/2024 7:18:00 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Adware-gen [Adw]
2014.9-151005

Dr.Web
Adware.Mutabaha.704
9.0.1.0278

ESET NOD32
Win32/ELEX.FK potentially unwanted (variant)
9.12346

F-Prot
W32/Thecid.B@mm
v6.4.6.5.141

K7 AntiVirus
Riskware
13.210.17406

Malwarebytes
PUP.Optional.MyStartSearch.ShrtCln
v2015.10.05.05

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.ELEX.MinidigitalTechnologyCo.Installer (M)
15.10.5.5

VIPRE Antivirus
Minidigital Technologies
44230

File size:
536.2 KB (549,040 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright 2015

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\llys_mystartsearch.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
9/29/2015 6:15:51 AM

Valid to:
6/21/2016 10:55:40 AM

Subject:
CN="Minidigital Technology Co., Limited", O="Minidigital Technology Co., Limited", L=Hong Kong, S=Hong Kong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11214CE115AF28506C44B4B11D01099FEBCE

File PE Metadata
Compilation timestamp:
9/11/2015 10:27:29 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:CTwsAln1giCPA6W8XHFlrZtTVq2QBOiVuAC91hrrrr7p:uDbPW+pZtYlBOigAC91Fp

Entry address:
0x2E557

Entry point:
E8, C7, AD, 00, 00, E9, 39, FE, FF, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 85, FF, 74, 13, 8B, 4D, 0C, 85, C9, 74, 0C, 8B, 55, 10, 85, D2, 75, 1A, 33, C0, 66, 89, 07, E8, 64, 27, 00, 00, 6A, 16, 5E, 89, 30, E8, 04, 2E, 00, 00, 8B, C6, 5F, 5E, 5D, C3, 8B, F7, 66, 83, 3E, 00, 74, 06, 83, C6, 02, 49, 75, F4, 85, C9, 74, D4, 2B, F2, 0F, B7, 02, 66, 89, 04, 16, 8D, 52, 02, 66, 85, C0, 74, 03, 49, 75, EE, 33, C0, 85, C9, 75, D0, 66, 89, 07, E8, 20, 27, 00, 00, 6A, 22, EB, BA, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 74...
 
[+]

Code size:
344 KB (352,256 bytes)

The file llys_mystartsearch.exe has been seen being distributed by the following URL.

Remove llys_mystartsearch.exe - Powered by Reason Core Security