dae_do-search.exe

4968_dae_do-search

Giner Tech Inc

The application dae_do-search.exe by Giner Tech Inc has been detected as adware by 6 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from d2drfrdurj6mvo.cloudfront.net.
Publisher:
Giner Tech Inc (signed and verified)

Product:
4968_dae_do-search

Description:
Installer Module

Version:
1.0.0.2

MD5:
b2c024c3b1ee5c08632e490d2056398a

SHA-1:
1adb4add5cb3870e470a974e47b7c90876e3d70f

SHA-256:
468a479c8bf55b85b74063455005c192efbd85156024a6d146294912f9e8bb11

Scanner detections:
6 / 68

Status:
Adware

Analysis date:
6/2/2024 10:27:03 PM UTC

Scan engine        Detection                                        Engine version
Dr.Web             Adware.Mutabaha.802                              9.0.1.0297
ESET NOD32         Win32/ELEX.FK potentially unwanted (variant)     9.12442
F-Secure           Gen:Variant.Application.Jatif                    11.2015-24-10_7
Malwarebytes       PUP.Optional.IStartSurf.ShrtCln                  v2015.10.24.04
Reason Heuristics  PUP.Thinknice.GinerTech.Installer (M)            15.10.23.4
VIPRE Antivirus    Trojan.Win32.Generic                             44710

File size:
538.6 KB (551,560 bytes)

Product version:
1.0.0.2

Copyright:
Copyright 2015

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\dae_do-search.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
10/19/2015 1:31:10 AM

Valid to:
12/2/2015 2:23:38 AM

Subject:
CN=Giner Tech Inc, O=Giner Tech Inc, L=Wilmington, S=Delaware, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112106B3EDF5DE21FE5DD0E0F44EB00F51DB

File PE Metadata
Compilation timestamp:
10/15/2015 2:39:01 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:ROadwD+OFIWCCCwOvmBU5SWCN17GfEuvFM4OrPBWaD2WXN9ihrrrrso:9EwgWCOEuvFM4+saDvXN9iCo

Entry address:
0x2EF57

Entry point:
E8, C7, AD, 00, 00, E9, 39, FE, FF, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 85, FF, 74, 13, 8B, 4D, 0C, 85, C9, 74, 0C, 8B, 55, 10, 85, D2, 75, 1A, 33, C0, 66, 89, 07, E8, 64, 27, 00, 00, 6A, 16, 5E, 89, 30, E8, 04, 2E, 00, 00, 8B, C6, 5F, 5E, 5D, C3, 8B, F7, 66, 83, 3E, 00, 74, 06, 83, C6, 02, 49, 75, F4, 85, C9, 74, D4, 2B, F2, 0F, B7, 02, 66, 89, 04, 16, 8D, 52, 02, 66, 85, C0, 74, 03, 49, 75, EE, 33, C0, 85, C9, 75, D0, 66, 89, 07, E8, 20, 27, 00, 00, 6A, 22, EB, BA, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 74...

Code size:
346.5 KB (354,816 bytes)

The file dae_do-search.exe has been seen being distributed by the following URL.

Remove dae_do-search.exe - Powered by Reason Core Security