llys_mystartsearch.exe

4962_tugss_mystartsearch

Minidigital Technology Co., Limited

The application llys_mystartsearch.exe by Minidigital Technology Co., Limited has been detected as adware by 6 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from d2drfrdurj6mvo.cloudfront.net.

Publisher:
Minidigital Technology Co., Limited  (signed and verified)

Product:
4962_tugss_mystartsearch

Description:
Installer Module

Version:
1.0.0.2

MD5:
b8a15e9a6eca888eda800fde5173ff59

SHA-1:
655ec17bfd029d3957b333b5f9bc05016ccdc447

SHA-256:
0d2c513f320ef7c80bc1e0e6b593c4fb665a3da1b8cc8844332259b71ed34254

Scanner detections:
6 / 68

Status:
Adware

Analysis date:
11/6/2024 12:46:05 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Dr.Web | Adware.Mutabaha.802 | 9.0.1.0297 |
| ESET NOD32 | Win32/ELEX.FK potentially unwanted (variant) | 9.12442 |
| F-Secure | Gen:Variant.Application.Jatif | 11.2015-24-10_7 |
| Malwarebytes | PUP.Optional.IStartSurf.ShrtCln | v2015.10.24.04 |
| Reason Heuristics | PUP.ELEX.MinidigitalTechnologyCo.Installer (M) | 15.10.20.16 |
| VIPRE Antivirus | Trojan.Win32.Generic | 44710 |

File size:
538.7 KB (551,600 bytes)

Product version:
1.0.0.2

Copyright:
Copyright 2015

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\llys_mystartsearch.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
10/20/2015 7:35:25 AM

Valid to:
6/21/2016 11:55:40 AM

Subject:
CN="Minidigital Technology Co., Limited", O="Minidigital Technology Co., Limited", L=Hong Kong, S=Hong Kong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11219BD1163E204BF21FC46798FAB82CA248

File PE Metadata
Compilation timestamp:
10/15/2015 7:39:01 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:hOadwD+OFIWCCCwOvmBU5SWCN17GfEuvFM4OrPBWaD2WXN9ihrrrrrb:NEwgWCOEuvFM4+saDvXN9i5b

Entry address:
0x2EF57

Entry point:
E8, C7, AD, 00, 00, E9, 39, FE, FF, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 85, FF, 74, 13, 8B, 4D, 0C, 85, C9, 74, 0C, 8B, 55, 10, 85, D2, 75, 1A, 33, C0, 66, 89, 07, E8, 64, 27, 00, 00, 6A, 16, 5E, 89, 30, E8, 04, 2E, 00, 00, 8B, C6, 5F, 5E, 5D, C3, 8B, F7, 66, 83, 3E, 00, 74, 06, 83, C6, 02, 49, 75, F4, 85, C9, 74, D4, 2B, F2, 0F, B7, 02, 66, 89, 04, 16, 8D, 52, 02, 66, 85, C0, 74, 03, 49, 75, EE, 33, C0, 85, C9, 75, D0, 66, 89, 07, E8, 20, 27, 00, 00, 6A, 22, EB, BA, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 74...
 

Code size:
346.5 KB (354,816 bytes)

The file llys_mystartsearch.exe has been seen being distributed by the following URL.
