» mysearchs.exe
Overview
Analysis
File Details
Programs (1)
Network (1)

mysearchs.exe

Montiera Technologies LTD

It is part of the Montiera web browser toolbar monetization platform which injects browser search and advertising within the user's web browser. The application mysearchs.exe by Montiera Technologies has been detected as adware by 24 anti-malware scanners. This file is typically installed with the program MySearchs by Montiera Technologies LTD which is a potentially unwanted software program. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address ny1wv3280.xglobe.net on port 80 using the HTTP protocol.

File name:

mysearchs.exe

Publisher:

Pay By Ads LTD (signed by Montiera Technologies LTD)

Version:

1.3.0.0

MD5:

4ed4ac0a1088e46ecb2f2f6d38b6e361

SHA-1:

c039393c0cc7d0d2ffe2a3b98d11a341066076f6

SHA-256:

16be1b1e345c66eaee974d564bd3d41d0883387a631128f19e77dc25a1a638a1

Scanner detections:

24 / 68

Status:

Adware

Analysis date:

11/5/2024 4:49:05 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Strictor.74968

750

Avira AntiVirus

TR/Drop.Softomat.AN

7.11.30.172

AVG

Montiera

2016.0.3228

Baidu Antivirus

PUA.Win32.Montiera

4.0.3.14811

Bitdefender

Gen:Variant.Strictor.74968

1.0.20.80

Comodo Security

ApplicUnwnt

20715

Emsisoft Anti-Malware

Gen:Variant.Strictor.74968

8.15.01.16.01

ESET NOD32

Win32/Toolbar.Montiera (variant)

8.10232

Fortinet FortiGate

Riskware/Montiera

1/16/2015

F-Secure

Gen:Variant.Strictor.74968

11.2015-16-01_6

G Data

Gen:Variant.Strictor.74968

15.1.24

herdProtect (fuzzy)

variant of onekit.exe (Adware)

2014.10.17.3

K7 AntiVirus

Trojan

13.191.14645

Kaspersky

not-a-virus:WebToolbar.Win32.Montiera

14.0.0.3423

Malwarebytes

PUP.Optional.PayByAds.A

v2014.08.11.10

McAfee

Artemis!4ED4AC0A1088

5600.6884

MicroWorld eScan

Gen:Variant.Strictor.74968

16.0.0.48

Panda Antivirus

Trj/Chgt.B

14.08.11.10

Reason Heuristics

PUP.Montiera.MontieraTechnologies

15.1.16.1

Sophos

Generic PUA MA

4.98

SUPERAntiSpyware

Trojan.Agent/Gen-Nullo[Short]

10295

Trend Micro House Call

Suspicious_GEN.F47V0808

7.2.223

VIPRE Antivirus

Montiera

32094

Zillya! Antivirus

Adware.Montiera.Win32.3

2.0.0.2035

File size:

534.4 KB (547,208 bytes)

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\mysearchs.exe

Digital Signature

Signed by:

Montiera Technologies LTD

Authority:

COMODO CA Limited

Valid from:

7/23/2014 2:00:00 AM

Valid to:

7/24/2015 1:59:59 AM

Subject:

CN=Montiera Technologies LTD, O=Montiera Technologies LTD, STREET=Harbert Samuel 46, L=Tel Aviv, S=Gush Dan, PostalCode=6330303, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00CCD3CD85F8C32F5C3FF9264E1A57C07D

File PE Metadata

Compilation timestamp:

8/4/2014 4:20:12 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:P4dmrsRivfB3nA74Y7hCEj1KqqLlH9Oi/DlYdTBFRH2hDgRok5Z:1KHAldOi/Dl6FRWhsoc

Entry address:

0x3F736

Entry point:

E8, AA, 83, 00, 00, E9, 89, FE, FF, FF, B8, 2A, 86, 44, 00, A3, 10, 7A, 46, 00, C7, 05, 14, 7A, 46, 00, 20, 7D, 44, 00, C7, 05, 18, 7A, 46, 00, D4, 7C, 44, 00, C7, 05, 1C, 7A, 46, 00, 0D, 7D, 44, 00, C7, 05, 20, 7A, 46, 00, 76, 7C, 44, 00, A3, 24, 7A, 46, 00, C7, 05, 28, 7A, 46, 00, A2, 85, 44, 00, C7, 05, 2C, 7A, 46, 00, 92, 7C, 44, 00, C7, 05, 30, 7A, 46, 00, F4, 7B, 44, 00, C7, 05, 34, 7A, 46, 00, 80, 7B, 44, 00, C3, 8B, FF, 55, 8B, EC, E8, 96, FF, FF, FF, 83, 7D, 08, 00, 74, 05, E8, BB, 8E, 00, 00, DB... 
[+]

Code size:

330 KB (337,920 bytes)

The file mysearchs.exe has been discovered within the following program.

MySearchs by Montiera Technologies LTD

Pay-By-Ads from Montiera is a web browser search injector and hijacker which also includes an installer which bundles legitimate and open-sourced programs with offers for additional third party applications that may be unwanted by the user.

www.montiera.com

87% remove it

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to ny1wv3280.xglobe.net (204.145.82.20:80)

Remove mysearchs.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.