home

searcharmor.exe

Montiera Technologies LTD

It is part of the Montiera web browser toolbar monetization platform which injects browser search and advertising within the user's web browser. The application searcharmor.exe by Montiera Technologies has been detected as adware by 13 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered by a time event.
Publisher:
Pay By Ads LTD  (signed by Montiera Technologies LTD)

Version:
1.3.0.0

MD5:
17042647dc9cd169c58c15763aa74793

SHA-1:
f646a4e592edcdc46427ef67124075ce5955e60b

SHA-256:
283de7cf36e69305c476735999d4446faf46241c2a3545e8f808ce662e5d7751

Scanner detections:
13 / 68

Status:
Adware

Analysis date:
11/23/2024 8:03:35 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
Montiera
2016.0.3228

Baidu Antivirus
PUA.Win32.Montiera
4.0.3.1486

ESET NOD32
Win32/Toolbar.Montiera (variant)
8.10213

Fortinet FortiGate
Riskware/Montiera
1/16/2015

K7 AntiVirus
Trojan
13.183.13113

Kaspersky
not-a-virus:WebToolbar.Win32.Montiera
14.0.0.3172

Malwarebytes
PUP.Optional.PayByAds.A
v2014.08.06.09

McAfee
Artemis!17042647DC9C
5600.6884

Panda Antivirus
Trj/Chgt.B
14.09.30.02

Reason Heuristics
PUP.Task.Montiera
15.1.16.1

Sophos
Generic PUA MA
4.98

Trend Micro House Call
Suspicious_GEN.F47V0808
7.2.273

VIPRE Antivirus
Montiera
31978

File size:
540.4 KB (553,352 bytes)

Copyright:
All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\searcharmor\searcharmor\1.3.10.3\searcharmor.exe

Digital Signature
Signed by:
Montiera Technologies LTD

Authority:
COMODO CA Limited

Valid from:
7/22/2014 7:00:00 PM

Valid to:
7/23/2015 6:59:59 PM

Subject:
CN=Montiera Technologies LTD, O=Montiera Technologies LTD, STREET=Harbert Samuel 46, L=Tel Aviv, S=Gush Dan, PostalCode=6330303, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00CCD3CD85F8C32F5C3FF9264E1A57C07D

File PE Metadata
Compilation timestamp:
7/30/2014 11:30:47 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:rQU9si3tfOSzUuDsAW+AIKdzWNIuVWwNYPIVXA4g6joYVtRoOV:PUJMLVWwNYPIVM6jHVroOV

Entry address:
0x3E926

Entry point:
E8, AA, 83, 00, 00, E9, 89, FE, FF, FF, B8, 1A, 78, 44, 00, A3, 10, 6A, 46, 00, C7, 05, 14, 6A, 46, 00, 10, 6F, 44, 00, C7, 05, 18, 6A, 46, 00, C4, 6E, 44, 00, C7, 05, 1C, 6A, 46, 00, FD, 6E, 44, 00, C7, 05, 20, 6A, 46, 00, 66, 6E, 44, 00, A3, 24, 6A, 46, 00, C7, 05, 28, 6A, 46, 00, 92, 77, 44, 00, C7, 05, 2C, 6A, 46, 00, 82, 6E, 44, 00, C7, 05, 30, 6A, 46, 00, E4, 6D, 44, 00, C7, 05, 34, 6A, 46, 00, 70, 6D, 44, 00, C3, 8B, FF, 55, 8B, EC, E8, 96, FF, FF, FF, 83, 7D, 08, 00, 74, 05, E8, BB, 8E, 00, 00, DB...
 
[+]

Entropy:
6.5514

Code size:
326.5 KB (334,336 bytes)

Scheduled Task
Task name:
Search Armor

Trigger:
Time (Next runs on 8/6/2014 at 8:55 PM)


Remove searcharmor.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.