onlysearch.exe

Montiera Technologies LTD

onlysearch.exe is part of the Montiera web browser toolbar monetization platform, which injects search and advertising into the user's web browser. The application, published by Montiera Technologies, has been detected as adware by 14 anti-malware scanners. The file is typically installed with the program Only-search by Pay-by-Ads Ltd, which is a potentially unwanted software program, and it is typically executed from the user's temporary directory. While running, it connects to the Internet address NY1WV3659 on port 80 using the HTTP protocol.
Publisher:
Pay By Ads LTD  (signed by Montiera Technologies LTD)

Version:
1.3.0.0

MD5:
fec0faf42dd48d39fb8073b7e3bfc085

SHA-1:
3c9aa48616b633cf672f9f43610ee125e078b834

SHA-256:
d1e912a1597d2e6e1998a2d67386973565b7a095f88eb8e7c93050ffe8a5679c

Scanner detections:
14 / 68

Status:
Adware

Analysis date:
11/27/2024 12:21:08 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Malware-gen | 2014.9-150116 |
| AVG | Montiera | 2015.0.3312 |
| Baidu Antivirus | PUA.Win32.Montiera | 4.0.3.14812 |
| ESET NOD32 | Win32/Toolbar.Montiera.L potentially unwanted application | 8.7.0.302.0 |
| herdProtect (fuzzy) | | 2014.10.23.15 |
| K7 AntiVirus | Unwanted-Program | 13.191.14658 |
| Kaspersky | not-a-virus:WebToolbar.Win32.Montiera | 14.0.0.3172 |
| Malwarebytes | PUP.Optional.PayByAds.A | v2014.08.12.10 |
| McAfee | Artemis!FEC0FAF42DD4 | 5600.6884 |
| Panda Antivirus | Trj/Chgt.B | 14.09.30.02 |
| Reason Heuristics | PUP.Montiera.MontieraTechnologies | 15.1.16.1 |
| Sophos | Generic PUA MA | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0808 | 7.2.273 |
| VIPRE Antivirus | Threat.4791856 | 32210 |

File size:
530.9 KB (543,624 bytes)

Copyright:
All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\onlysearch.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/22/2014 7:00:00 PM

Valid to:
7/23/2015 6:59:59 PM

Subject:
CN=Montiera Technologies LTD, O=Montiera Technologies LTD, STREET=Harbert Samuel 46, L=Tel Aviv, S=Gush Dan, PostalCode=6330303, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00CCD3CD85F8C32F5C3FF9264E1A57C07D

File PE Metadata
Compilation timestamp:
7/29/2014 2:02:38 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:VamxmKxJ5SD1ZycgU7YPWlbDr92C2EklQYQLPtV0DztyLkMqhRohs:xoQWhpFEl/QLPtVIyoM6ohs

Entry address:
0x3E8D6

Entry point:
E8, AA, 83, 00, 00, E9, 89, FE, FF, FF, B8, CA, 77, 44, 00, A3, 10, 6A, 46, 00, C7, 05, 14, 6A, 46, 00, C0, 6E, 44, 00, C7, 05, 18, 6A, 46, 00, 74, 6E, 44, 00, C7, 05, 1C, 6A, 46, 00, AD, 6E, 44, 00, C7, 05, 20, 6A, 46, 00, 16, 6E, 44, 00, A3, 24, 6A, 46, 00, C7, 05, 28, 6A, 46, 00, 42, 77, 44, 00, C7, 05, 2C, 6A, 46, 00, 32, 6E, 44, 00, C7, 05, 30, 6A, 46, 00, 94, 6D, 44, 00, C7, 05, 34, 6A, 46, 00, 20, 6D, 44, 00, C3, 8B, FF, 55, 8B, EC, E8, 96, FF, FF, FF, 83, 7D, 08, 00, 74, 05, E8, BB, 8E, 00, 00, DB...
 

Entropy:
6.5479

Code size:
326.5 KB (334,336 bytes)

The file onlysearch.exe has been discovered within the following program.

Only-search  by Pay-by-Ads Ltd
OnlySearch is a web browser advertisement extension that delivers ads to the user's web browser. Ads take the form of traditional banners as well as in-context hyperlinks.
81% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to NY1WV3659  (204.145.82.27:80)

TCP (HTTP):
Connects to NY1WV3438  (204.145.82.24:80)

TCP (HTTP):
Connects to ny1wv3283.xglobe.net  (204.145.82.23:80)

TCP (HTTP):
Connects to NY1WV3561  (204.145.82.26:80)
