» onlysearch_1.3.8.11_cn.exe
Overview
Analysis
File Details

onlysearch_1.3.8.11_cn.exe

Pay-by-Ads Ltd

The application onlysearch_1.3.8.11_cn.exe by Pay-by-Ads has been detected as adware by 16 anti-malware scanners. It is also typically executed from the user's temporary directory.

File name:

Publisher:

Pay-by-Ads Ltd (signed and verified)

MD5:

bb3992f7a641db37790fd1b2c21a1734

SHA-1:

193486935368eda3ba896cd532060fb0e8366356

SHA-256:

eb21ad2c1dd046b5db519b3ab4bbe978f6837950c18d5abbda9cbff4ddcd1af2

Scanner detections:

16 / 68

Status:

Adware

Analysis date:

11/15/2024 8:41:16 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.Downloader

7.1.1

avast!

Win32:Malware-gen

2014.9-140927

AVG

Paybyads

2015.0.3397

Baidu Antivirus

Hacktool.Win32.Montiera

4.0.3.14927

Dr.Web

Trojan.DownLoader11.22262

9.0.1.05190

Fortinet FortiGate

Riskware/Montiera

9/27/2014

IKARUS anti.virus

not-a-virus:Downloader.Montiera

t3scan.1.7.5.0

Kaspersky

not-a-virus:Downloader.Win32.Montiera

14.0.0.3187

McAfee

Artemis!A5A597FABD84

5600.6994

NANO AntiVirus

Trojan.Win32.DownLoader11.dcoupy

0.28.2.61148

Panda Antivirus

Trj/Chgt.B

14.09.27.03

Qihoo 360 Security

Win32/Virus.Downloader.250

1.0.0.1015

Reason Heuristics

PUP.PaybyAds.T

14.8.7.23

Trend Micro House Call

Suspicious_GEN.F47V0807

7.2.270

Vba32 AntiVirus

Downloader.Montiera

3.12.26.3

VIPRE Antivirus

Montiera

32462

File size:

830.9 KB (850,864 bytes)

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\latest\onlysearch_1.3.8.11_cn.exe

Digital Signature

Signed by:

Pay-by-Ads Ltd

Authority:

GoDaddy.com, Inc.

Valid from:

12/18/2013 4:45:20 AM

Valid to:

12/16/2014 6:54:24 AM

Subject:

CN=Pay-by-Ads Ltd, O=Pay-by-Ads Ltd, L=Tel aviv, C=IL

Issuer:

SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

2B0FFF59FB803E

File PE Metadata

Compilation timestamp:

6/23/2014 6:27:14 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:HLMdEC0Ii8zF1a5v+dkG4M3xWBOAUNckS:HLMdEC0Oot+lSBOAUNA

Entry address:

0x12AB8

Entry point:

E8, 73, 6A, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 10, B3, 42, 00, 00, 74, 05, E9, CF, 6A, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83... 
[+]

Entropy:

7.8262 (probably packed)

Code size:

121.5 KB (124,416 bytes)

Remove onlysearch_1.3.8.11_cn.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.