» llys_mystartsearch.exe
Overview
Analysis
File Details
Downloads (1)

llys_mystartsearch.exe

4962_tugss_mystartsearch

Minidigital Technology Co., Limited

The application llys_mystartsearch.exe by Minidigital Technology Co., Limited has been detected as adware by 6 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from d2drfrdurj6mvo.cloudfront.net.

File name:

Publisher:

Minidigital Technology Co., Limited (signed and verified)

Product:

4962_tugss_mystartsearch

Description:

Installer Module

Version:

1.0.0.2

MD5:

b8a15e9a6eca888eda800fde5173ff59

SHA-1:

655ec17bfd029d3957b333b5f9bc05016ccdc447

SHA-256:

0d2c513f320ef7c80bc1e0e6b593c4fb665a3da1b8cc8844332259b71ed34254

Scanner detections:

6 / 68

Status:

Adware

Analysis date:

11/23/2024 2:39:20 PM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Adware.Mutabaha.802

9.0.1.0297

ESET NOD32

Win32/ELEX.FK potentially unwanted (variant)

9.12442

F-Secure

Gen:Variant.Application.Jatif

11.2015-24-10_7

Malwarebytes

PUP.Optional.IStartSurf.ShrtCln

v2015.10.24.04

Reason Heuristics

PUP.ELEX.MinidigitalTechnologyCo.Installer (M)

15.10.20.16

VIPRE Antivirus

Trojan.Win32.Generic

44710

File size:

538.7 KB (551,600 bytes)

Product version:

1.0.0.2

Original file name:

Installer.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\llys_mystartsearch.exe

Digital Signature

Signed by:

Minidigital Technology Co., Limited

Authority:

GlobalSign nv-sa

Valid from:

10/20/2015 7:35:25 AM

Valid to:

6/21/2016 11:55:40 AM

Subject:

CN="Minidigital Technology Co., Limited", O="Minidigital Technology Co., Limited", L=Hong Kong, S=Hong Kong, C=HK

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11219BD1163E204BF21FC46798FAB82CA248

File PE Metadata

Compilation timestamp:

10/15/2015 7:39:01 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:hOadwD+OFIWCCCwOvmBU5SWCN17GfEuvFM4OrPBWaD2WXN9ihrrrrrb:NEwgWCOEuvFM4+saDvXN9i5b

Entry address:

0x2EF57

Entry point:

E8, C7, AD, 00, 00, E9, 39, FE, FF, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 85, FF, 74, 13, 8B, 4D, 0C, 85, C9, 74, 0C, 8B, 55, 10, 85, D2, 75, 1A, 33, C0, 66, 89, 07, E8, 64, 27, 00, 00, 6A, 16, 5E, 89, 30, E8, 04, 2E, 00, 00, 8B, C6, 5F, 5E, 5D, C3, 8B, F7, 66, 83, 3E, 00, 74, 06, 83, C6, 02, 49, 75, F4, 85, C9, 74, D4, 2B, F2, 0F, B7, 02, 66, 89, 04, 16, 8D, 52, 02, 66, 85, C0, 74, 03, 49, 75, EE, 33, C0, 85, C9, 75, D0, 66, 89, 07, E8, 20, 27, 00, 00, 6A, 22, EB, BA, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 74... 
[+]

Code size:

346.5 KB (354,816 bytes)

The file llys_mystartsearch.exe has been seen being distributed by the following URL.

http://d2drfrdurj6mvo.cloudfront.net/.../llys_mystartsearch.exe

Remove llys_mystartsearch.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.