» {dd6395e7-ad89-4aa2-bb38-2318d7640934}
Overview
Analysis
File Details

{dd6395e7-ad89-4aa2-bb38-2318d7640934}

Search Results, LLC

The file {dd6395e7-ad89-4aa2-bb38-2318d7640934} by Search Results has been detected as adware by 9 anti-malware scanners.

File name:

Publisher:

Search Results, LLC (signed and verified)

MD5:

777261d3145a7639e8ff6099dfbbaf62

SHA-1:

d32931194675b1d904ba56ef90e6864c71c4a0bd

SHA-256:

df166ff3a14b61754da0d4c69b0548a371769d8dee70c40c663a93465897140d

Scanner detections:

9 / 68

Status:

Adware

Analysis date:

4/23/2024 9:34:00 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.Toolbar.DefaultTab

7.1.1

Comodo Security

Heur.Suspicious

17782

Dr.Web

Adware.Plugin.48

9.0.1.0112

ESET NOD32

Win32/Toolbar.DefaultTab (variant)

9.9421

herdProtect (fuzzy)

variant of {bbbabea8-ed14-4045-935e-7ccf57d82cb1} (Adware)

2015.7.23.6

McAfee

Artemis!777261D3145A

5600.6788

Reason Heuristics

Threat.SearchResults

15.4.21.21

Rising Antivirus

PE:Trojan.Win32.Generic.15766DCC!360082892

23.00.65.15420

VIPRE Antivirus

Trojan.Win32.Generic

26446

File size:

1.6 MB (1,711,200 bytes)

Digital Signature

Signed by:

Search Results, LLC

Authority:

COMODO CA Limited

Valid from:

4/24/2012 5:00:00 PM

Valid to:

4/25/2014 4:59:59 PM

Subject:

CN="Search Results, LLC", O="Search Results, LLC", STREET="2751 Hennepin Ave S #252", L=Minneapolis, S=MN, PostalCode=55405, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00B6815DF3B6D64839E008D65B53EF0170

File PE Metadata

Compilation timestamp:

6/19/1992 3:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:8YnwgsOzOvfJFvuWBLgAFDiy7fb1x08UrkoenEnR3e:8o5NzOvfJ3/I9koe2O

Entry address:

0x17090

Entry point:

55, 8B, EC, 83, C4, E0, 53, 33, C0, 89, 45, E0, 89, 45, E4, 89, 45, E8, 89, 45, EC, B8, F0, 6F, 41, 00, E8, 19, F3, FE, FF, 8B, 1D, B4, 83, 41, 00, 33, C0, 55, 68, C3, 73, 41, 00, 64, FF, 30, 64, 89, 20, BA, D0, 98, 41, 00, B8, 00, 08, 00, 00, E8, A6, 56, FF, FF, C6, 05, D3, 98, 41, 00, 2E, C6, 05, D2, 98, 41, 00, 2C, B8, D8, 73, 41, 00, E8, 8A, 0D, FF, FF, A2, 8C, 98, 41, 00, 33, C0, 89, 03, B8, 9C, 98, 41, 00, BA, EC, 73, 41, 00, E8, 1E, D5, FE, FF, B8, A0, 98, 41, 00, BA, 1C, 74, 41, 00, E8, 0F, D5, FE... 
[+]

Entropy:

6.4607

Developed / compiled with:

Microsoft Visual C++

Code size:

90 KB (92,160 bytes)

Remove {dd6395e7-ad89-4aa2-bb38-2318d7640934} - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.