home

mysearchdial.exe

MySearchDial

MDS

The application mysearchdial.exe, “Setup ” by MDS has been detected as adware by 2 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from d3emsmln8xfj03.cloudfront.net and multiple other hosts.
Publisher:
Setup ©   (signed by MDS)

Product:
MySearchDial

Description:
Setup

Version:
2.18.2.0

MD5:
9e6f9849d8c628f198394cc6edca5521

SHA-1:
e0d4b58660242e6525448b6c3f05ade4dd33ba78

SHA-256:
b92453d52733e23b7944d556c7af50591fc01c839c0863468cb08243db31a099

Scanner detections:
2 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/23/2024 8:15:43 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Installer.MDS
15.5.30.8

Vba32 AntiVirus
Downware.InstallCore
3.12.24.3

File size:
2 MB (2,059,464 bytes)

Product version:
2.18.2.0

Original file name:
MySearchDial_2.18.2.0.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\mysearchdial.exe

Digital Signature
Signed by:
MDS

Authority:
COMODO CA Limited

Valid from:
2/3/2014 1:00:00 AM

Valid to:
2/4/2015 12:59:59 AM

Subject:
CN=MDS, O=MDS, STREET=28 Lilinblum St., L=Tel-Aviv, S=Israel, PostalCode=6513307, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B95CED86999C43270B036A9868F2DF3E

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:hEXBfETQnUIh/rnj/MFClm4D5ndCLJy8d:KRPv/Gs7ndCLJ5d

Entry address:
0x7C04C

Entry point:
55, 8B, EC, 83, C4, F0, B8, 54, BD, 47, 00, E8, BC, B7, F8, FF, 33, C0, E8, 29, F2, FF, FF, E8, A4, 8E, F8, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
492.5 KB (504,320 bytes)

The file mysearchdial.exe has been seen being distributed by the following 2 URLs.

http://d3emsmln8xfj03.cloudfront.net/bundles/.../MySearchDial_2.18.2.0 April 2014.exe

http://d1t653m828c3x8.cloudfront.net/bundles/.../MySearchDial_2.18.2.0 April 2014.exe

Remove mysearchdial.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.