» buenosearch.exe
Overview
Analysis
File Details
Programs (1)

buenosearch.exe

Montiera Technologies LTD

It is part of the Montiera web browser toolbar monetization platform which injects browser search and advertising within the user's web browser. The application buenosearch.exe by Montiera Technologies has been detected as adware by 15 anti-malware scanners. This file is typically installed with the program Buenosearch by Pay-by-Ads Ltd which is a potentially unwanted software program. It is also typically executed from the user's temporary directory.

File name:

buenosearch.exe

Publisher:

Pay By Ads LTD (signed by Montiera Technologies LTD)

Version:

1.3.0.0

MD5:

382ea84f8ce35d4e6beb366f09acdfc3

SHA-1:

1b9e48e8dc82af5fa9b99e45333c875aa4a84c18

SHA-256:

5c2396a03ba3ab5a8dd4e69811b5e55efed27b4b13cb594a4920b77e7258eb26

Scanner detections:

15 / 68

Status:

Adware

Analysis date:

5/5/2024 5:47:49 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/Drop.Softomat.AN

7.11.30.172

AVG

Montiera

2016.0.3228

Baidu Antivirus

PUA.Win32.Montiera

4.0.3.14813

ESET NOD32

Win32/Toolbar.Montiera (variant)

8.10232

herdProtect (fuzzy)

variant of onlysearch.exe (Adware)

2014.10.23.22

K7 AntiVirus

Unwanted-Program

13.191.14658

Kaspersky

not-a-virus:WebToolbar.Win32.Montiera

14.0.0.3172

Malwarebytes

PUP.Optional.PayByAds.A

v2014.08.13.12

McAfee

Artemis!382EA84F8CE3

5600.6884

Panda Antivirus

Trj/Chgt.B

14.09.30.02

Reason Heuristics

PUP.Montiera.MontieraTechnologies

15.1.16.1

Sophos

Generic PUA MA

4.98

SUPERAntiSpyware

Trojan.Agent/Gen-Nullo[Short]

10281

Trend Micro House Call

Suspicious_GEN.F47V0808

7.2.273

VIPRE Antivirus

Montiera

32094

File size:

530.9 KB (543,624 bytes)

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\buenosearch.exe

Digital Signature

Signed by:

Montiera Technologies LTD

Authority:

COMODO CA Limited

Valid from:

7/23/2014 2:00:00 AM

Valid to:

7/24/2015 1:59:59 AM

Subject:

CN=Montiera Technologies LTD, O=Montiera Technologies LTD, STREET=Harbert Samuel 46, L=Tel Aviv, S=Gush Dan, PostalCode=6330303, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00CCD3CD85F8C32F5C3FF9264E1A57C07D

File PE Metadata

Compilation timestamp:

7/29/2014 9:02:38 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:UamxmKxJ5SD1ZycgU7YPWlbDr92C2EklQYQLPtV0DztyLkMqVRoZs:4oQWhpFEl/QLPtVIyoMaoZs

Entry address:

0x3E8D6

Entry point:

E8, AA, 83, 00, 00, E9, 89, FE, FF, FF, B8, CA, 77, 44, 00, A3, 10, 6A, 46, 00, C7, 05, 14, 6A, 46, 00, C0, 6E, 44, 00, C7, 05, 18, 6A, 46, 00, 74, 6E, 44, 00, C7, 05, 1C, 6A, 46, 00, AD, 6E, 44, 00, C7, 05, 20, 6A, 46, 00, 16, 6E, 44, 00, A3, 24, 6A, 46, 00, C7, 05, 28, 6A, 46, 00, 42, 77, 44, 00, C7, 05, 2C, 6A, 46, 00, 32, 6E, 44, 00, C7, 05, 30, 6A, 46, 00, 94, 6D, 44, 00, C7, 05, 34, 6A, 46, 00, 20, 6D, 44, 00, C3, 8B, FF, 55, 8B, EC, E8, 96, FF, FF, FF, 83, 7D, 08, 00, 74, 05, E8, BB, 8E, 00, 00, DB... 
[+]

Code size:

326.5 KB (334,336 bytes)

The file buenosearch.exe has been discovered within the following program.

Buenosearch by Pay-by-Ads Ltd

Buenosearch is an adware web browser application that displays banner ads as well as contextual link ads that are injected in the web page. The ads are injected by the web browser plugin and will display on any web site, even those not associated or affiliated with the publisher.

82% remove it

Remove buenosearch.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.