ProtectedSearch.exe

ProtectedSearch

Simply Tech Ltd

One Floor App (Simply Tech/Widdit) distributes and bundles potentially unwanted programs (PUPs) using its OneFloorApp install manager (SimplyInstaller). ProtectedSearch.exe by Simply Tech has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application that uses the Widdit Setup installer. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. This file is typically installed with Surf Canyon 5.1 by Surf Canyon, which is a potentially unwanted software program.
Publisher:
Simplygen  (signed by Simply Tech Ltd)

Product:
ProtectedSearch

Version:
1.0.0.0

MD5:
dea62bce2b40fe8c4e4e83a479a36887

SHA-1:
3cbedaf2ef5bf0165282cd20804b840051b36f0d

SHA-256:
5dc065467dbab29ea9638ce1325b90204cb6bcdea4feacc93af63b244de52f69

Scanner detections:
5 / 68

Status:
Potentially unwanted

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
1/9/2025 5:47:43 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | TR/Trash.Gen | 7.11.127.98 |
| Boost by Reason | Optional.Task.SimplyTech.P | 188838 |
| Dr.Web | Adware.Searcher.2591 | 9.0.1.0353 |
| Reason Heuristics | PUP.Task.SimplyTech.P | 14.8.7.19 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10783 |

File size:
87.1 KB (89,160 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Simplygen 2011

Original file name:
ProtectedSearch.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Widdit Setup

Language:
Language Neutral

Common path:
C:\Program Files\hometab\protectedsearch.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
4/3/2012 9:00:00 PM

Valid to:
4/4/2014 8:59:59 PM

Subject:
CN=Simply Tech Ltd, O=Simply Tech Ltd, STREET=10 Zarhin street, L=Raanana, S=Raanana, PostalCode=43662, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1FC78D842B3886BB8D32517578F7489C

File PE Metadata
Compilation timestamp:
11/4/2013 10:20:43 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:kvDwP9P6aul8+jPDeodM5/lXZb+oS3dSAyplaWlO9jqXhuFGfD1ah:kSduN/BAXPS3dfCtlO9jVFiD1

Entry address:
0x1509E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
76.5 KB (78,336 bytes)

Scheduled Task
Task name:
Protected Search

Path:
\ProtectedSearch\Protected Search

Trigger:
Logon (Runs on logon)


The file ProtectedSearch.exe has been discovered within the following program.

Surf Canyon 5.1  by Surf Canyon
Publisher's description - “Find stuff faster on Google, Yahoo! and Bing by digging out search results from as deep as page 100. Surf Canyon automates the discovery of relevant results buried in the search pages on Google, Yahoo! and Bing. It also adds image previews to Craigslist.”
www.surfcanyon.com
74% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to crl.comodoca.com.cdn.cloudflare.net  (178.255.83.2:80)
