search_installer.exe

The application search_installer.exe has been detected as adware by 7 anti-malware scanners. This is a setup and installation application, however the file is not signed with an authenticode signature from a trusted source. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from i1.securemyfun.info and multiple other hosts.
MD5:
75d8a6ea2c6a965111cd8fb874dac1ad

SHA-1:
fb29299e5247882c19a0e57ba57760cc9adcb959

SHA-256:
b51eb88286e398c5b95c00c7c9a898f37681d097f94518cb59161f22b7ad3411

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
12/26/2024 1:40:09 PM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Trojan.Win32.Agent
4.0.3.1413

Bkav FE
HW32.Stranacty
1.3.0.4613

IKARUS anti.virus
Trojan.SuspectCRC
t3scan.2.2.29

McAfee
Artemis!75D8A6EA2C6A
5600.7261

Reason Heuristics
Adware.SInstaller.Q
14.2.20.23

Trend Micro House Call
TROJ_GEN.F47V0527
7.2.3

ViRobot
Backdoor.Win32.A.Ceckno.946688
2011.4.7.4223

File size:
924.5 KB (946,688 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\addons\search_installer.exe

File PE Metadata
Compilation timestamp:
5/12/2013 1:17:34 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:czt0muPqNpBO+FZPGn7alO/eCKHfi+aqCMjPutq:cehyNptJGn7al4eLlaqDuo

Entry address:
0xA1A67

Entry point:
E8, 26, D1, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, DC, B3, 4D, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 44, 5D, 4D, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, DC, B3, 4D, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03...
 
[+]

Code size:
752 KB (770,048 bytes)

The file search_installer.exe has been seen being distributed by the following 3 URLs.

Remove search_installer.exe - Powered by Reason Core Security