» whtsmksetup.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

whtsmksetup.exe

Montiera Technologies LTD

It is part of the Montiera web browser toolbar monetization platform which injects browser search and advertising within the user's web browser. The application whtsmksetup.exe by Montiera Technologies has been detected as adware by 15 anti-malware scanners. This is the uninstaller utility registered in the Windows Control Panel for the program Whitesmoke Search Protect by whitesmoke. This file is typically installed with the program Whitesmoke Search Protect by WhiteSmoke which is a potentially unwanted software program.

File name:

whtsmksetup.exe

Publisher:

Pay By Ads LTD (signed by Montiera Technologies LTD)

Version:

1.3.0.0

MD5:

d4db46034cf02f2b616b14de9cbdbd5e

SHA-1:

84004418598757db7f38c06574b07afbfc16b8fe

SHA-256:

d3bcfa4646e4fdb0610abc5a7d27b83a68d3f135cc98e632340236162568e840

Scanner detections:

15 / 68

Status:

Adware

Analysis date:

11/5/2024 4:32:38 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Kazy.534379

467

AVG

Montiera

2016.0.2945

Baidu Antivirus

PUA.Win32.Montiera

4.0.3.151025

Bitdefender

Gen:Variant.Kazy.534379

1.0.20.1490

Bkav FE

W32.HfsAdware

1.3.0.6379

Emsisoft Anti-Malware

Gen:Variant.Kazy.534379

8.15.10.25.04

ESET NOD32

Win32/Toolbar.Montiera.R potentially unwanted (variant)

9.11244

F-Secure

Gen:Variant.Kazy.534379

11.2015-25-10_1

G Data

Gen:Variant.Kazy.534379

15.10.25

Malwarebytes

PUP.Optional.WhiteSmoke.A

v2015.10.25.04

McAfee

Artemis!D4DB46034CF0

5600.6601

MicroWorld eScan

Gen:Variant.Kazy.534379

16.0.0.894

Reason Heuristics

PUP.Montiera.MontieraTechnologies.Installer (M)

15.10.25.16

Sophos

PayByAds

4.98

VIPRE Antivirus

Montiera

37964

File size:

383.4 KB (392,584 bytes)

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\whitesmoke\whitesmoke\1.3.12.5\whtsmksetup.exe

Digital Signature

Signed by:

Montiera Technologies LTD

Authority:

COMODO CA Limited

Valid from:

7/22/2014 8:00:00 PM

Valid to:

7/23/2015 7:59:59 PM

Subject:

CN=Montiera Technologies LTD, O=Montiera Technologies LTD, STREET=Harbert Samuel 46, L=Tel Aviv, S=Gush Dan, PostalCode=6330303, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00CCD3CD85F8C32F5C3FF9264E1A57C07D

File PE Metadata

Compilation timestamp:

8/31/2014 1:26:41 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:gnSVzE608NCWQhhkl+TCBHpCM8oQoDZvwqeTGBEK3NJ+qaNQBcjlt13P0:+SVw63NCWwkl+TKHpCfoQo9vwqeTGqKx

Entry address:

0x2E0D0

Entry point:

E8, 35, 74, 00, 00, E9, 89, FE, FF, FF, B8, 4F, 60, 43, 00, A3, A0, 50, 45, 00, C7, 05, A4, 50, 45, 00, 45, 57, 43, 00, C7, 05, A8, 50, 45, 00, F9, 56, 43, 00, C7, 05, AC, 50, 45, 00, 32, 57, 43, 00, C7, 05, B0, 50, 45, 00, 9B, 56, 43, 00, A3, B4, 50, 45, 00, C7, 05, B8, 50, 45, 00, C7, 5F, 43, 00, C7, 05, BC, 50, 45, 00, B7, 56, 43, 00, C7, 05, C0, 50, 45, 00, 19, 56, 43, 00, C7, 05, C4, 50, 45, 00, A5, 55, 43, 00, C3, 8B, FF, 55, 8B, EC, E8, 96, FF, FF, FF, 83, 7D, 08, 00, 74, 05, E8, 23, 7F, 00, 00, DB... 
[+]

Entropy:

6.3516

Code size:

262.5 KB (268,800 bytes)

Program Uninstaller

Program name:

Whitesmoke Search Protect

Display publisher:

whitesmoke

Uninstall string:

"C:\users\{user}\appdata\local\whitesmoke\whitesmoke\1.3.12.5\whtsmksetup.exe" \uninstl

The file whtsmksetup.exe has been discovered within the following program.

Whitesmoke Search Protect by WhiteSmoke

82% remove it

Remove whtsmksetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.