» apr1fix_3397_cor_mystartsearch.exe
Overview
Analysis
File Details

apr1fix_3397_cor_mystartsearch.exe

3397_cor_mystartsearch

Li Mo

The application apr1fix_3397_cor_mystartsearch.exe by Li Mo has been detected as adware by 18 anti-malware scanners. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. It is also typically executed from the user's temporary directory.

File name:

Publisher:

Spy union (signed by Li Mo)

Product:

3397_cor_mystartsearch

Description:

Spy union

Version:

6.4.7603.1012

MD5:

b8ace0283f67a13d76202251569cad92

SHA-1:

e5dbb927e8ff45dae6af70cac6179de8ce231942

SHA-256:

f83ddcf06e26476ff785683af189abad8e86f15dbc9403436202f49be253b376

Scanner detections:

18 / 68

Status:

Adware

Explanation:

Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:

5/11/2024 7:44:09 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Application.Elex.1

671

Agnitum Outpost

Riskware.Agent

7.1.1

AhnLab V3 Security

PUP/Win32.OutBrowse

2015.06.11

Avira AntiVirus

TR/LiMo.405880.1

3.6.1.96

Arcabit

Application.Elex.1

1.0.0.425

Baidu Antivirus

PUA.Win32.LiMo

4.0.3.1545

Bitdefender

Gen:Application.Elex.1

1.0.20.475

Emsisoft Anti-Malware

Gen:Application.Elex

8.15.04.05.04

ESET NOD32

Win32/ELEX.EC potentially unwanted application

9.7.0.302.0

F-Secure

Riskware.Gen:Application.Elex.1

11.2015-05-04_1

G Data

Gen:Application.Elex

15.4.25

herdProtect (fuzzy)

variant of mar30_3395_cor_do-search.exe

2015.7.9.5

Malwarebytes

PUP.Optional.MyStartSearch.A

v2015.04.05.05

MicroWorld eScan

Gen:Application.Elex.1

16.0.0.285

Norman

Gen:Application.Elex.1

11.20150709

Qihoo 360 Security

Win32/Trojan.IM.c8a

1.0.0.1015

Reason Heuristics

PUP.Liyan Liu

15.4.5.4

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.26.3

File size:

396.4 KB (405,880 bytes)

Product version:

6.4.7603.1012

Spy union

Original file name:

ComEntCount.exe

File type:

Executable application (Win32 EXE)

Language:

English (United Kingdom)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\4819183_stp\apr1fix_3397_cor_mystartsearch.exe

Digital Signature

Signed by:

Li Mo

Authority:

DigiCert Inc

Valid from:

8/4/2014 1:00:00 AM

Valid to:

8/12/2015 1:00:00 PM

Subject:

CN=Li Mo, O=Li Mo, L=Guilin, S=Guangxi, C=CN

Issuer:

CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

0226284B6EE43FB2E43A2888B7D5BA02

File PE Metadata

Compilation timestamp:

3/27/2015 9:15:38 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

6144:V2B9yUBwHbFvORmB3VJ14vFpS4J19oJmm:V2B9yUS79OMBRcpbJ19Qmm

Entry address:

0x2D4E6

Entry point:

E8, 00, BE, 00, 00, E9, 7F, FE, FF, FF, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 14, 8D, 45, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 50, 38, 45, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 14, 8D, 45, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00, 00, 00... 
[+]

Entropy:

6.5493

Code size:

278 KB (284,672 bytes)

Remove apr1fix_3397_cor_mystartsearch.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.