searcharmor.exe

Montiera Technologies LTD

searcharmor.exe is part of the Montiera web browser toolbar monetization platform, which injects browser search and advertising into the user's web browser. The application searcharmor.exe by Montiera Technologies has been detected as a potentially unwanted program by 16 anti-malware scanners. This file is typically installed with the program Search Armor by Montiera Technologies LTD, which is a potentially unwanted software program.
Publisher:
Montiera Technologies LTD  (signed and verified)

MD5:
2a8709652c64a0f9ee167fb143de8c62

SHA-1:
af01e597dc6f505df51483c74a335dcc0dfd132b

SHA-256:
f7f1eb6f2969fd5739571f1eec86c3a48cbd2d0b20f2d5a031080104cbadcdde

Scanner detections:
16 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 7:50:32 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.Downloader | 7.1.1 |
| avast! | Win32:Malware-gen | 2014.9-140927 |
| AVG | Montiera | 2015.0.3338 |
| Baidu Antivirus | Hacktool.Win32.Montiera | 4.0.3.14927 |
| Dr.Web | Trojan.DownLoader11.22262 | 9.0.1.05190 |
| Fortinet FortiGate | Riskware/Montiera | 9/27/2014 |
| IKARUS anti.virus | not-a-virus:Downloader.Montiera | t3scan.1.7.5.0 |
| Kaspersky | not-a-virus:Downloader.Win32.Montiera | 14.0.0.3187 |
| McAfee | Artemis!A5A597FABD84 | 5600.6994 |
| NANO AntiVirus | Trojan.Win32.DownLoader11.dcoupy | 0.28.2.61349 |
| Panda Antivirus | Trj/Chgt.B | 14.09.27.03 |
| Qihoo 360 Security | Win32/Virus.Downloader.250 | 1.0.0.1015 |
| Reason Heuristics | PUP.MontieraTechnologies.L | 14.8.6.22 |
| Trend Micro House Call | Suspicious_GEN.F47V0807 | 7.2.270 |
| Vba32 AntiVirus | Downloader.Montiera | 3.12.26.3 |
| VIPRE Antivirus | Threat.4791856 | 31208 |

File size:
846.9 KB (867,208 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\searcharmor\searcharmor.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/22/2014 7:00:00 PM

Valid to:
7/23/2015 6:59:59 PM

Subject:
CN=Montiera Technologies LTD, O=Montiera Technologies LTD, STREET=Harbert Samuel 46, L=Tel Aviv, S=Gush Dan, PostalCode=6330303, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00CCD3CD85F8C32F5C3FF9264E1A57C07D

File PE Metadata
Compilation timestamp:
7/25/2014 8:34:25 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:sotuQ8dWISGEdqM46OyfbiL3u69TjH/X9Y118UKsFdSgjBX9hwTCz1/HJuJPG5iT:srdVSGEnOyfbKl0lCTCfSS+91nB

Entry address:
0x12B48

Entry point:
E8, 73, 6A, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 10, B3, 42, 00, 00, 74, 05, E9, CF, 6A, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83...
 

Entropy:
7.8187  (probably packed)

Code size:
121.5 KB (124,416 bytes)

The file searcharmor.exe has been discovered within the following program.

Search Armor  by Montiera Technologies LTD
Search Armor is an Internet toolbar/plugin (in Internet Explorer it runs as a BHO; in Chrome and Firefox it runs as an extension) that plugs into the user's default web browser and modifies a number of settings, such as taking control of the browser's search and home pages and new tab functionality, as well as DNS 'not found' redirection.
80% remove it
 
Powered by Should I Remove It?
