dl159.exe

Search Results, LLC

The application dl159.exe by Search Results has been detected as adware by 12 anti-malware scanners.

Publisher:
Search Results, LLC  (signed and verified)

MD5:
d0eb793835e4d25775166195ae8e6558

SHA-1:
350d91e47d6c1cf751b967bbdc54c7003840e54d

SHA-256:
b77b12f5de597076b2ad45bc0091c3411c20d532d200a00224fa1b1d2a271cd2

Scanner detections:
12 / 68

Status:
Adware

Analysis date:
4/19/2024 11:57:04 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | Win32/DH{gQwgWAA4EoESgRN2dw} | 2015.0.3285 |
| Baidu Antivirus | Adware.Win32.BHODfltTab | 4.0.3.141120 |
| ESET NOD32 | Win32/Toolbar.DefaultTab (variant) | 8.10750 |
| Fortinet FortiGate | Riskware/DefaultTab | 11/20/2014 |
| G Data | Win32.Application.Agent.0GMDNS | 14.11.24 |
| Kaspersky | Trojan-Dropper.Win32.Agent | 14.0.0.2919 |
| McAfee | Artemis!D0EB793835E4 | 5600.6941 |
| Qihoo 360 Security | Win32/Trojan.Dropper.ac8 | 1.0.0.1015 |
| Reason Heuristics | PUP.SearchResults.F | 14.11.20.5 |
| Trend Micro House Call | Suspicious_GEN.F47V1118 | 7.2.324 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3 |
| VIPRE Antivirus | Revizer.b | 34940 |

File size:
753.6 KB (771,672 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\defaulttab\defaulttab\dl159.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
5/2/2014 2:00:00 AM

Valid to:
5/2/2017 1:59:59 AM

Subject:
CN="Search Results, LLC", O="Search Results, LLC", STREET="2751 Hennepin Ave S #252", L=Minneapolis, S=MN, PostalCode=55405, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
64CA9F4A3D9A5E89553273D5E484CBE9

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:4yzBCBbJJf/dcFLJ2NQrpEDyFhlZixxXc67Pcl3cFMtVTYQ1Uh0:3BmreLJBKDsriMoPclsOrEUg0

Entry address:
0x6A27C

Entry point:
55, 8B, EC, 83, C4, F0, B8, 04, A0, 46, 00, E8, 14, C8, F9, FF, 33, C0, 55, 68, 10, A3, 46, 00, 64, FF, 30, 64, 89, 20, B8, 24, A3, 46, 00, E8, A4, ED, F9, FF, A2, D0, EE, 46, 00, B8, 38, A3, 46, 00, E8, E1, DB, FF, FF, B8, D8, EE, 46, 00, BA, 50, A3, 46, 00, E8, 96, A5, F9, FF, B8, D4, EE, 46, 00, BA, 60, A3, 46, 00, E8, 87, A5, F9, FF, A1, D4, EE, 46, 00, E8, D9, DE, FF, FF, E8, 88, E2, FF, FF, 84, C0, 74, 0F, E8, 8B, E8, FF, FF, E8, D6, E6, FF, FF, E8, 81, EA, FF, FF, E8, B4, F7, FF, FF, E8, 63, F0, FF...

Entropy:
7.3107

Developed / compiled with:
Microsoft Visual C++

Code size:
421 KB (431,104 bytes)
