onlysetup.exe

PayByAds ltd.

The application onlysetup.exe by PayByAds ltd has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software.
Publisher:
Pay By Ads LTD  (signed by PayByAds ltd.)

Version:
1.3.0.0

MD5:
106cd233c9d9db28191e48aae277899d

SHA-1:
2595d6375e3c0757468478f88fb639e0a9802ff2

SHA-256:
5bb313825e1a299c06588177f722ccb10a99de19d2e0792ec0e207cc59bbac9c

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/23/2024 3:59:24 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Montiera.PayByAds.Installer (M)

Engine version:
16.6.16.18

File size:
423.9 KB (434,024 bytes)

Copyright:
All rights reserved.

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\onlysearch\onlysearch\1.3.15.4\onlysetup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/27/2014 5:00:00 PM

Valid to:
7/28/2015 4:59:59 PM

Subject:
CN=PayByAds ltd., O=PayByAds ltd., STREET="Herbert Samuel, 46", L=Tel Aviv, S=Israel, PostalCode=6330303, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00CA9E6FD9AC89FBB9BC192CA9530A98F5

File PE Metadata
Compilation timestamp:
10/23/2014 1:10:19 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:jzfQIwJCZmzLNnqNn1KVGTHyiwNgBXxfN0jTB+4Zi99RYTyCHniYQp1tEpMM4s01:PfQYZmHNnqNAVKoIN0jsCi9LCHKxsq

Entry address:
0x337E0

Entry point:
C6, 31, 85, B5, 73, 76, F4, 07, 2A, 86, 7B, DA, BB, 47, F5, 92, 44, A2, 09, F9, 1D, 9B, B0, 5D, 7A, A6, 63, E5, CF, FD, 74, 3E, BE, F5, AE, 7A, BC, 7C, 66, 62, 84, 68, EF, 40, 9A, ED, D9, CF, E4, FD, A5, 33, 0C, F5, E1, FF, AC, D8, DD, FB, 60, EB, 0E, 0F, D6, 17, DA, 25, 8F, 36, 59, E3, 2F, 51, A4, 3E, 7B, CA, 7C, 2D, 4E, 2F, 39, 67, 33, 0B, FD, E8, 02, 6E, 9E, 5C, F2, 6A, 94, 44, 82, 3A, D0, 91, 97, 6F, 70, 79, 64, 1D, 95, 90, C7, 22, F1, B7, 47, 47, BA, C7, EB, 9D, E4, E9, EF, EC, FB, 37, 60, 29, C1, 81...
 

Entropy:
7.8129  (probably packed)

Code size:
294 KB (301,056 bytes)
