mysearchdial.exe

MySearchDial

MDS

The application mysearchdial.exe, “Setup ” by MDS has been detected as adware by 2 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from d3emsmln8xfj03.cloudfront.net and multiple other hosts.
Publisher:
Setup ©   (signed by MDS)

Product:
MySearchDial

Description:
Setup

Version:
2.18.2.0

MD5:
9e6f9849d8c628f198394cc6edca5521

SHA-1:
e0d4b58660242e6525448b6c3f05ade4dd33ba78

SHA-256:
b92453d52733e23b7944d556c7af50591fc01c839c0863468cb08243db31a099

Scanner detections:
2 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/24/2024 12:24:01 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Installer.MDS
15.5.30.8

Vba32 AntiVirus
3.12.24.3

File size:
2 MB (2,059,464 bytes)

Product version:
2.18.2.0

Original file name:
MySearchDial_2.18.2.0.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\mysearchdial.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/3/2014 1:00:00 AM

Valid to:
2/4/2015 12:59:59 AM

Subject:
CN=MDS, O=MDS, STREET=28 Lilinblum St., L=Tel-Aviv, S=Israel, PostalCode=6513307, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B95CED86999C43270B036A9868F2DF3E

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:hEXBfETQnUIh/rnj/MFClm4D5ndCLJy8d:KRPv/Gs7ndCLJ5d

Entry address:
0x7C04C

Entry point:
55, 8B, EC, 83, C4, F0, B8, 54, BD, 47, 00, E8, BC, B7, F8, FF, 33, C0, E8, 29, F2, FF, FF, E8, A4, 8E, F8, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
492.5 KB (504,320 bytes)

The file mysearchdial.exe has been seen being distributed by the following 2 URLs.

Remove mysearchdial.exe - Powered by Reason Core Security