securesearch_1.8.21.15_N.exe

securesearch

Montera Technologeis LTD

This file is part of the Montera web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page functions. The application securesearch_1.8.21.15_N.exe, “Securesearch toolbar” by Montera Technologeis, has been detected as adware by 7 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from temp.montiera.com.

Publisher:
Lavasoft (signed by Montera Technologeis LTD)

Product:
securesearch

Description:
Securesearch toolbar

Version:
1.8.21.15

MD5:
6c56ff277e9dfb9e9d6a6fddd69223c2

SHA-1:
b14561315adf46a4cacae426315d1867251cfad1

SHA-256:
7cadd4eac275b947a23590c6b08917cefac695216e1caf1b11aa78a840621a0c

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
11/15/2024 12:34:49 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | ADSPY/AdSpy.Gen | 7.11.104.28 |
| Boost by Reason | Adware.Toolbar.Montera.V | 2013.8.28.0 |
| Dr.Web | Adware.Downware.837 | 9.0.1.0240 |
| ESET NOD32 | Win32/Toolbar.Montiera | 7.8836 |
| Reason Heuristics | PUP.Toolbar.Montera.V | 14.8.7.19 |
| Trend Micro House Call | TROJ_GEN.R0CBH01G113 | 7.2.240 |
| Vba32 AntiVirus | AdWare.DelBar | 3.12.24.2 |

File size:
1.6 MB (1,679,144 bytes)

Copyright:
Lavasoft

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\securesearch_1.8.21.15_n.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/3/2013 5:00:00 PM

Valid to:
6/4/2014 4:59:59 PM

Subject:
CN=Montera Technologeis LTD, O=Montera Technologeis LTD, STREET="18, Amammi st", L=Even Yehuda, S=Hasharon, PostalCode=40500, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
263C38E0402CCF0F902FDFFA54E20AD6

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:kph9D4E/Cf6RXwOsudqVJ6amEXJnuIEiDr/X:AZ4EzldqZQiDDX

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9946

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file securesearch_1.8.21.15_N.exe has been seen being distributed by the following URL.
