Startpage24_Server.exe

Startpage24 Startpage

Link64 GmbH

The application Startpage24_Server.exe by Link64 GmbH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Startpage24 by Link64 which is a potentially unwanted software program.
Publisher:
Link 64 GmbH  (signed by Link64 GmbH)

Product:
Startpage24 Startpage

Description:
Startpage24

Version:
2.0.0.908

MD5:
006627eb9b76a0467df2ab6739da03f8

SHA-1:
068817c13d97a2c79dcea3dd96e0b43f61b53fbb

SHA-256:
a56f5c41737318480efab66b54db522f7ba761a437cba4fb27f13842d3be1a60

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/27/2024 2:33:41 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Link64GmbH (M)

Engine version:
15.7.5.8

File size:
3.4 MB (3,561,264 bytes)

Product version:
2.0.0.908

Copyright:
(c) 2008-14 Link64 GmbH. All rights reserved.

Original file name:
Startpage24_Server.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\startpage24\plugin\startpage24_server.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
3/5/2015 1:00:00 AM

Valid to:
5/4/2017 1:59:59 AM

Subject:
CN=Link64 GmbH, OU=Secure Application Development, O=Link64 GmbH, L=Karlsruhe, S=Baden-Wuerttemberg, C=DE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
65CD89BFF8441FFA492CCEB690151ECA

File PE Metadata
Compilation timestamp:
6/22/2015 4:21:42 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
98304:eD7OKp/9XIg/5gn/PbXsdhHqHw9k7f+0mr:+hp/tIC5gnHbcdhHqHw2r+F

Entry address:
0x4CA1C

Entry point:
E8, AE, 79, 00, 00, E9, 17, FE, FF, FF, 8B, 44, 24, 04, 66, 8B, 08, 40, 40, 66, 85, C9, 75, F6, 2B, 44, 24, 04, D1, F8, 48, C3, 55, 8B, EC, 51, 51, 8D, 45, F8, 50, FF, 15, 98, D1, 66, 00, 8B, 45, F8, 8B, 4D, FC, 6A, 00, 05, 00, 80, C1, 2A, 68, 80, 96, 98, 00, 81, D1, 21, 4E, 62, FE, 51, 50, E8, 06, 7A, 00, 00, 8B, 4D, 08, 85, C9, 74, 05, 89, 01, 89, 51, 04, C9, C3, 55, 8B, EC, 56, 57, 8B, 7D, 10, 8B, C7, 83, E8, 00, 0F, 84, E5, 15, 00, 00, 48, 0F, 84, CD, 15, 00, 00, 48, 0F, 84, 98, 15, 00, 00, 48, 0F, 84...
 

Code size:
2.4 MB (2,539,520 bytes)

The file Startpage24_Server.exe has been discovered within the following program.

Startpage24  by Link64
This adware program that plugs into the user's web browser will hijack the home and search pages.
www.startpage24.com/webpage/en
68% remove it
 

The executing file has been seen to make the following network communications in live environments.

