» adv_76.exe
Overview
Analysis
File Details

adv_76.exe

3419_ima_mystartsearch

Shulan Hou

The application adv_76.exe by Shulan Hou has been detected as adware by 12 anti-malware scanners.

File name:

adv_76.exe

Publisher:

HTabp.com (signed by Shulan Hou)

Product:

3419_ima_mystartsearch

Description:

HTabp

Version:

6.6.86.1602

MD5:

b830170a533c0e3745bade092c16c2e6

SHA-1:

657e5839e135b474308c6cc14da50218450aaf5d

Scanner detections:

12 / 68

Status:

Adware

Analysis date:

11/5/2025 11:16:59 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Agnitum Outpost

Riskware.Agent

7.1.1

AVG

Generic

2016.0.3114

Baidu Antivirus

Adware.Win32.ELEX

4.0.3.1551

Bkav FE

W32.HfsAdware

1.3.0.6979

Dr.Web

Adware.Mutabaha.361

9.0.1.0121

ESET NOD32

Win32/ELEX.CL potentially unwanted

9.11870

Fortinet FortiGate

Riskware/Elex

5/9/2015

herdProtect (fuzzy)

variant of mystartsearch_slb2_1906--2139aad5.exe (Adware)

2015.7.31.10

K7 AntiVirus

Adware

13.205.16417

Malwarebytes

PUP.Optional.MyStartSearch.A

v2015.07.31.10

Reason Heuristics

Threat.Ma Lin.ShulanHou

15.5.1.15

VIPRE Antivirus

Trojan.Win32.Generic

41610

File size:

575.6 KB (589,408 bytes)

Product version:

6.6.86.1602

Original file name:

HTabp.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Documents and Settings\{user}\Local settings\temp\{random}.tmp\adv_76.exe

Digital Signature

Signed by:

Shulan Hou

Authority:

DigiCert Inc

Valid from:

12/23/2014 10:00:00 PM

Valid to:

1/6/2016 10:00:00 AM

Subject:

CN=Shulan Hou, O=Shulan Hou, L=Dingzhou, S=Hebei, C=CN

Issuer:

CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

0F2577198BBF58AC5F13AC0B95180508

File PE Metadata

Compilation timestamp:

3/27/2015 2:43:34 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:GsXC31Ob9GKmLkkZ93UWkBfJS59pqyTh+SW5hSkTOLCtl:Gsk1Ob0vLkI3UfM9wyTh+9jbTOKl

Entry address:

0x188F1

Entry point:

E8, 2A, CD, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 85, C0, 74, 12, 83, E8, 08, 81, 38, DD, DD, 00, 00, 75, 07, 50, E8, F2, DA, FF, FF, 59, 5D, C3, 8B, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, C6, 46, 0C, 00, 85, C0, 75, 63, E8, 5F, 49, 00, 00, 89, 46, 08, 8B, 48, 6C, 89, 0E, 8B, 48, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, 50, AC, 47, 00, 74, 12, 8B, 0D, 04, AA, 47, 00, 85, 48, 70, 75, 07, E8, 70, 88, 00, 00, 89, 06, 8B, 46, 04, 3B, 05, E8, B2, 47, 00, 74, 16, 8B, 46, 08, 8B, 0D, 04, AA, 47, 00... 
[+]

Code size:

394 KB (403,456 bytes)

Remove adv_76.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.