mysearchs.exe

Montiera Technologies LTD

mysearchs.exe is part of the Montiera web browser toolbar monetization platform, which injects browser search and advertising within the user's web browser. The application mysearchs.exe by Montiera Technologies has been detected as adware by 24 anti-malware scanners. This file is typically installed with the program MySearchs by Montiera Technologies LTD, which is a potentially unwanted software program. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address ny1wv3280.xglobe.net on port 80 using the HTTP protocol.

Publisher:
Pay By Ads LTD  (signed by Montiera Technologies LTD)

Version:
1.3.0.0

MD5:
4ed4ac0a1088e46ecb2f2f6d38b6e361

SHA-1:
c039393c0cc7d0d2ffe2a3b98d11a341066076f6

SHA-256:
16be1b1e345c66eaee974d564bd3d41d0883387a631128f19e77dc25a1a638a1

Scanner detections:
24 / 68

Status:
Adware

Analysis date:
11/23/2024 8:12:30 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Strictor.74968 | 750
Avira AntiVirus | TR/Drop.Softomat.AN | 7.11.30.172
AVG | Montiera | 2016.0.3228
Baidu Antivirus | PUA.Win32.Montiera | 4.0.3.14811
Bitdefender | Gen:Variant.Strictor.74968 | 1.0.20.80
Comodo Security | ApplicUnwnt | 20715
Emsisoft Anti-Malware | Gen:Variant.Strictor.74968 | 8.15.01.16.01
ESET NOD32 | Win32/Toolbar.Montiera (variant) | 8.10232
Fortinet FortiGate | Riskware/Montiera | 1/16/2015
F-Secure | Gen:Variant.Strictor.74968 | 11.2015-16-01_6
G Data | Gen:Variant.Strictor.74968 | 15.1.24
herdProtect | (fuzzy) | 2014.10.17.3
K7 AntiVirus | Trojan | 13.191.14645
Kaspersky | not-a-virus:WebToolbar.Win32.Montiera | 14.0.0.3423
Malwarebytes | PUP.Optional.PayByAds.A | v2014.08.11.10
McAfee | Artemis!4ED4AC0A1088 | 5600.6884
MicroWorld eScan | Gen:Variant.Strictor.74968 | 16.0.0.48
Panda Antivirus | Trj/Chgt.B | 14.08.11.10
Reason Heuristics | PUP.Montiera.MontieraTechnologies | 15.1.16.1
Sophos | Generic PUA MA | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10295
Trend Micro House Call | Suspicious_GEN.F47V0808 | 7.2.223
VIPRE Antivirus | Montiera | 32094
Zillya! Antivirus | Adware.Montiera.Win32.3 | 2.0.0.2035

File size:
534.4 KB (547,208 bytes)

Copyright:
All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\mysearchs.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/23/2014 2:00:00 AM

Valid to:
7/24/2015 1:59:59 AM

Subject:
CN=Montiera Technologies LTD, O=Montiera Technologies LTD, STREET=Harbert Samuel 46, L=Tel Aviv, S=Gush Dan, PostalCode=6330303, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00CCD3CD85F8C32F5C3FF9264E1A57C07D

File PE Metadata
Compilation timestamp:
8/4/2014 4:20:12 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:P4dmrsRivfB3nA74Y7hCEj1KqqLlH9Oi/DlYdTBFRH2hDgRok5Z:1KHAldOi/Dl6FRWhsoc

Entry address:
0x3F736

Code size:
330 KB (337,920 bytes)

The file mysearchs.exe has been discovered within the following program.

MySearchs by Montiera Technologies LTD
Pay-By-Ads from Montiera is a web browser search injector and hijacker. It also includes an installer that bundles legitimate and open-source programs with offers for additional third-party applications that may be unwanted by the user.
www.montiera.com
87% remove it
 

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ny1wv3280.xglobe.net (204.145.82.20:80)
