searchprotectgeneric6setup.exe

SearchProtect

The executable searchprotectgeneric6setup.exe has been detected as malware by 6 anti-virus scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs. The file has been seen being downloaded from dl1.downserver4.com and multiple other hosts.
Publisher:
SearchProtect

Product:
SearchProtect

Version:
6.0

MD5:
4225c79b2c516d7b0391fe66e03c7c2a

SHA-1:
da0e4a94d31438a9a7a2a02985204fed6623df73

SHA-256:
b8dc03b2f1ee52a4fa66705dc52c7c70726a41913d903e24a6681c9d827c7b28

Scanner detections:
6 / 68

Status:
Malware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
12/25/2024 12:11:48 AM UTC

Scan engine | Detection | Engine version
avast! | Win32:Dropper-gen [Drp] | 2014.9-140812
K7 AntiVirus | Riskware | 13.182.12951
McAfee | Artemis!4225C79B2C51 | 5600.7041
Qihoo 360 Security | Win32/Virus.Downloader.966 | 1.0.0.1015
Sophos | OutBrowse Revenyou | 4.98
Trend Micro House Call | Suspicious_GEN.F47V0724 | 7.2.224

File size:
172.4 KB (176,539 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\searchprotectgeneric6setup.exe

File PE Metadata
Compilation timestamp:
12/6/2009 4:20:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:egXdZt9P6D3XJT45RzMiwyj+enKph2BVXlxUP5JddHF4Qaoj:ee34xOz4teKpc7DUdxFZaoj

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.7487

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file searchprotectgeneric6setup.exe has been seen being distributed by the following 2 URLs.
