searchgo.exe

Searchgo

The application searchgo.exe, “Searchgo component”, has been detected as a potentially unwanted program by 4 of 68 anti-malware scanners. It is a setup program used to install the Searchgo application. The file has been seen being downloaded from robyego.ru. While running, it connects over HTTP on port 80 to the host ip-172-26-136-19.ec2.internal (172.26.136.19, a private address inside the analysis environment) and to h88-150-135-234.host.redstation.co.uk (88.150.135.234).
Publisher:
Searchgo

Product:
Searchgo

Description:
Searchgo component

Version:
1.0.0.186

MD5:
64a8157837d5df49827f232f1295dec2

SHA-1:
6fd7108b4e3a9f274c5cd2580c0b9577ca5a5192

SHA-256:
e413d0e6f2d6d240cfe755be6636a47628251014b38fdd12e1f47d2e376f8514

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
12/28/2024 9:09:08 AM UTC

Scan engine              Detection                              Engine version
avast!                   Win32:Malware-gen                      160327-1
Emsisoft Anti-Malware    Gen:Trojan.Heur2.JP.zu0@aq7OK8mi       11.5.0.6191
ESET NOD32               Win32/Adware.SearchGo.A application    8.0.319.0
McAfee                   Trojan.Artemis!64A8157837D5            18.0.204.0

Three of the four names are generic or heuristic (McAfee's Artemis name is simply the first 12 hex digits of the file's MD5, i.e. a cloud reputation hit rather than a signature); only ESET assigns a family, Adware.SearchGo, which is consistent with the "potentially unwanted" status rather than with a trojan.

File size:
405.5 KB (415,232 bytes)

Product version:
1.0.0.186

Copyright:
Copyright Searchgo LLC © 2016

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\searchgo.exe

File PE Metadata
Compilation timestamp:
4/5/2016 7:33:46 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:7p2x78on/QfsQsNfxjBo8kRVXSZeQkVDBQaiCMX5+7GEUw9OL:7p2x78o/QEPNfA8shoUDBtbg5+RkL

Entry address:
0x291A7

Entry point:
E8, 0E, C4, 00, 00, E9, 7F, FE, FF, FF, E8, FF, 7F, 00, 00, 8B, D0, 8B, 42, 6C, 3B, 05, 34, 1F, 45, 00, 74, 10, 8B, 0D, F8, 1F, 45, 00, 85, 4A, 70, 75, 05, E8, 9C, 76, 00, 00, 8B, 40, 04, C3, E8, D9, 7F, 00, 00, 8B, D0, 8B, 42, 6C, 3B, 05, 34, 1F, 45, 00, 74, 10, 8B, 0D, F8, 1F, 45, 00, 85, 4A, 70, 75, 05, E8, 76, 76, 00, 00, 8B, 40, 08, C3, E8, B3, 7F, 00, 00, 8B, D0, 8B, 42, 6C, 3B, 05, 34, 1F, 45, 00, 74, 10, 8B, 0D, F8, 1F, 45, 00, 85, 4A, 70, 75, 05, E8, 50, 76, 00, 00, 05, A0, 00, 00, 00, C3, E8, 8B...
 

Code size:
263 KB (269,312 bytes)
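The hashes and PE header fields above are what an analyst compares a suspect file against. The script below is an added example (not code from the report or from its vendor) that does exactly that with the standard library only: hashlib for the three hashes and struct for the PE32 headers, including mapping the entry RVA through the section table to recover the first entry-point bytes. REPORT holds the values listed on this page; build_sample_pe() constructs a tiny stand-in PE so the script runs offline, and that stand-in is not searchgo.exe: its header fields reproduce the report, its hashes (correctly) do not.

```python
"""Check a binary against the hashes and PE header fields of a scanner report.

Added example, standard library only. REPORT = values from the report above;
build_sample_pe() = constructed stand-in PE32 (NOT the real searchgo.exe):
header fields match the report, hashes do not.
"""
import hashlib
import struct
from datetime import datetime, timezone

SUBSYSTEMS = {1: "Windows native", 2: "Windows GUI", 3: "Windows console"}
MACHINES = {0x14C: "Win32", 0x8664: "Win64"}

REPORT = {  # indicators copied from the report above
    "md5": "64a8157837d5df49827f232f1295dec2",
    "sha1": "6fd7108b4e3a9f274c5cd2580c0b9577ca5a5192",
    "sha256": "e413d0e6f2d6d240cfe755be6636a47628251014b38fdd12e1f47d2e376f8514",
    "compile_time": datetime(2016, 4, 5, 19, 33, 46, tzinfo=timezone.utc),
    "os_version": "5.1",
    "bitness": "Win32",
    "subsystem": "Windows GUI",
    "linker_version": "12.0",
    "entry_rva": 0x291A7,
    "entry_bytes": "e80ec40000e97ffeffffe8ff7f00008b",  # first 16 entry-point bytes
    "code_size": 269312,
}

def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the whole file, as the report lists them."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}

def rva_to_offset(sections, rva: int) -> int:
    """Map a relative virtual address to a file offset via the section table."""
    for vaddr, size, rawptr in sections:
        if vaddr <= rva < vaddr + size:
            return rawptr + (rva - vaddr)
    raise ValueError("RVA 0x%X is not inside any section" % rva)

def parse_pe(data: bytes) -> dict:
    """Read the PE32 header fields a scanner report displays."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, ..., SizeOfOptionalHeader
    machine, nsect, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    (magic, lnk_major, lnk_minor, code_size, _, _, entry_rva, _, _, _, _, _,
     os_major, os_minor, _, _, _, _, _, _, _, _, subsystem, _) = struct.unpack_from(
        "<HBB9I6H4I2H", data, opt)  # first 72 bytes of the PE32 optional header
    if magic != 0x10B:
        raise ValueError("only PE32 (magic 0x10B) is handled, got 0x%X" % magic)
    sections = []  # section table follows the optional header, 40 bytes per entry
    for i in range(nsect):
        _, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((vaddr, max(vsize, rawsize), rawptr))
    entry_off = rva_to_offset(sections, entry_rva)
    return {
        "compile_time": datetime.fromtimestamp(stamp, tz=timezone.utc),
        "os_version": f"{os_major}.{os_minor}",
        "bitness": MACHINES.get(machine, hex(machine)),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "entry_rva": entry_rva,
        "entry_bytes": data[entry_off:entry_off + 16].hex(),
        "code_size": code_size,
    }

def check_against_report(data: bytes, report: dict = REPORT) -> dict:
    """{field: (expected, observed, matched)} for every indicator in the report."""
    observed = {**file_hashes(data), **parse_pe(data)}
    return {k: (v, observed[k], observed[k] == v) for k, v in report.items()}

def build_sample_pe() -> bytes:
    """Constructed PE32 carrying the report's header values; not searchgo.exe."""
    entry_rva, sect_rva, sect_raw, sect_size = REPORT["entry_rva"], 0x29000, 0x200, 0x400
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 1459884826, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBB9I6H4I2H", 0x10B, 12, 0,  # PE32, linker 12.0
                      269312, 0, 0, entry_rva, 0x1000, 0, 0x400000, 0x1000, 0x200,
                      5, 1, 0, 0, 5, 1, 0, 0x50000, 0x200, 0, 2, 0)  # OS 5.1, GUI subsystem
    opt += bytes(224 - len(opt))
    sect = struct.pack("<8sIIII", b".text", sect_size, sect_rva, sect_size, sect_raw) + bytes(16)
    headers = dos + coff + opt + sect
    headers += bytes(sect_raw - len(headers))
    body = bytearray(sect_size)
    stub = bytes.fromhex(REPORT["entry_bytes"])
    body[entry_rva - sect_rva:entry_rva - sect_rva + len(stub)] = stub
    return headers + bytes(body)

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for field, (want, got, ok) in check_against_report(data).items():
        print(f"{'OK  ' if ok else 'DIFF'} {field:15} report={want} file={got}")
```

Run it with a path to a suspect file to get a field-by-field comparison, or with no arguments to see the constructed sample. The split in the sample's result is the point: compile timestamp, linker version, subsystem and entry bytes are trivially reproducible by any build (or forged by a packer), so a match on them is only supporting evidence, while the SHA-256 is the identifying indicator.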

The file searchgo.exe has been seen being distributed from the domain robyego.ru.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ip-172-26-136-19.ec2.internal  (172.26.136.19:80)
(172.26.136.19 is an RFC 1918 private address and ec2.internal is the AWS-internal DNS zone: this endpoint is part of the analysis environment the sample ran in, not the adware's infrastructure, and is not a usable blocking indicator.)

TCP (HTTP):
Connects to h88-150-135-234.host.redstation.co.uk  (88.150.135.234:80)
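Before the connections above go into a block list they need the sandbox-internal endpoints filtered out. The following is an added example, not part of the report: it parses the "Connects to" lines as printed here (both copied from this page), drops any endpoint whose address is not globally routable or whose name carries an internal cloud DNS suffix, and returns only the public (ip, port) pairs. The suffix list is an assumption; extend it for whatever sandbox produced the report.

```python
"""Separate sandbox-internal endpoints from blockable network indicators.

Added example, not part of the report. Sandbox hosts run inside a cloud
network, so a report can list connections to the analysis environment itself
(RFC 1918 / non-global ranges, *.ec2.internal names). Those must not end up in
a block list. REPORT_LINES are copied from the report above.
"""
import ipaddress
import re
from typing import Optional

CONNECTION_RE = re.compile(
    r"Connects to (?P<host>\S+)\s+\((?P<ip>[\d.]+):(?P<port>\d+)\)")

# Internal DNS suffixes used by common cloud sandboxes (assumed list).
INTERNAL_SUFFIXES = (".ec2.internal", ".compute.internal", ".internal", ".local")

REPORT_LINES = [
    "Connects to ip-172-26-136-19.ec2.internal  (172.26.136.19:80)",
    "Connects to h88-150-135-234.host.redstation.co.uk  (88.150.135.234:80)",
]

def classify(line: str) -> Optional[dict]:
    """Parse one 'Connects to' line; None if the line is not a connection record."""
    m = CONNECTION_RE.search(line)
    if not m:
        return None
    ip = ipaddress.ip_address(m["ip"])
    # is_global is False for private, loopback, link-local, shared (100.64/10) and reserved space
    internal_ip = not ip.is_global
    internal_name = m["host"].lower().endswith(INTERNAL_SUFFIXES)
    return {
        "host": m["host"],
        "ip": str(ip),
        "port": int(m["port"]),
        "sandbox_internal": internal_ip or internal_name,
    }

def blockable_indicators(lines) -> list:
    """Public endpoints only, as (ip, port) pairs, deduplicated in report order."""
    seen = []
    for line in lines:
        rec = classify(line)
        if rec and not rec["sandbox_internal"] and (rec["ip"], rec["port"]) not in seen:
            seen.append((rec["ip"], rec["port"]))
    return seen

if __name__ == "__main__":
    for line in REPORT_LINES:
        rec = classify(line)
        print(("sandbox " if rec["sandbox_internal"] else "public  ") + f"{rec['ip']}:{rec['port']}  {rec['host']}")
    print("blockable:", blockable_indicators(REPORT_LINES))
```

For this report the filter keeps 88.150.135.234:80 and discards 172.26.136.19:80. The hostname check matters independently of the address check: a sandbox that NATs its guests can show a public-looking address for an internal name, and a reverse-DNS name like ip-172-26-136-19.ec2.internal is a clear marker on its own.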

Remove searchgo.exe - Powered by Reason Core Security