dsrlte.exe

Pay-by-Ads Ltd

The application dsrlte.exe by Pay-by-Ads has been detected as adware by 18 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered by a time event. This file is typically installed with the program Yahoo! Search by Pay-by-Ads Ltd, which is a potentially unwanted software program.
Publisher:
Pay By Ads LTD  (signed by Pay-by-Ads Ltd)

Version:
1.3.0.0

MD5:
4932b700dc8899151e96419005156269

SHA-1:
7076e0a990b00a41b897347aefeca3aebd6dd49c

SHA-256:
bf0213e4a3c916f0b0a7480e511d01f569d8f84a98ed02674408d5d79a7d13dd

Scanner detections:
18 / 68

Status:
Adware

Analysis date:
4/19/2024 10:32:43 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Agent.OGO | 761 |
| AVG | Paybyads | 2015.0.3385 |
| Baidu Antivirus | PUA.Win32.Montiera | 4.0.3.1515 |
| Bitdefender | Adware.Agent.OGO | 1.0.20.25 |
| Bkav FE | W32.PaybyAds.Adware | 1.3.0.6267 |
| Dr.Web | Adware.Toolbar.251 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Adware.Agent.OGO | 8.15.01.05.09 |
| ESET NOD32 | Win32/Toolbar.Montiera.K potentially unwanted application | 7.0.302.0 |
| F-Secure | Adware.Agent.OGO | 11.2015-05-01_2 |
| G Data | Adware.Agent.OGO | 15.1.24 |
| K7 AntiVirus | Riskware | 13.183.13029 |
| Malwarebytes | PUP.Optional.PayByAds.A | v2014.08.12.10 |
| MicroWorld eScan | Adware.Agent.OGO | 16.0.0.15 |
| NANO AntiVirus | Riskware.Win32.Toolbar.ddtpee | 0.28.6.63850 |
| nProtect | Adware.Agent.OGO | 14.12.02.01 |
| Reason Heuristics | PUP.Task.Montiera | 15.1.16.1 |
| Sophos | PayByAds | 4.98 |
| VIPRE Antivirus | Threat.4150696 | 31208 |

File size:
522.9 KB (535,472 bytes)

Copyright:
All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\pay-by-ads\yahoo! search\1.3.8.2\dsrlte.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
12/18/2013 1:45:20 PM

Valid to:
12/16/2014 3:54:24 PM

Subject:
CN=Pay-by-Ads Ltd, O=Pay-by-Ads Ltd, L=Tel aviv, C=IL

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B0FFF59FB803E

File PE Metadata
Compilation timestamp:
6/12/2014 11:07:50 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:wINV+kfmynUmXOlCcg0rGhgEP/OjE7jH4AE5HjJwDiqdRokfYqJ:y/EIE7jH4AE5WDiqboU

Entry address:
0x3D316

Entry point:
E8, AD, 83, 00, 00, E9, 89, FE, FF, FF, B8, 0D, 62, 44, 00, A3, 00, 5A, 46, 00, C7, 05, 04, 5A, 46, 00, 03, 59, 44, 00, C7, 05, 08, 5A, 46, 00, B7, 58, 44, 00, C7, 05, 0C, 5A, 46, 00, F0, 58, 44, 00, C7, 05, 10, 5A, 46, 00, 59, 58, 44, 00, A3, 14, 5A, 46, 00, C7, 05, 18, 5A, 46, 00, 85, 61, 44, 00, C7, 05, 1C, 5A, 46, 00, 75, 58, 44, 00, C7, 05, 20, 5A, 46, 00, D7, 57, 44, 00, C7, 05, 24, 5A, 46, 00, 63, 57, 44, 00, C3, 8B, FF, 55, 8B, EC, E8, 96, FF, FF, FF, 83, 7D, 08, 00, 74, 05, E8, BE, 8E, 00, 00, DB...
 

Code size:
320.5 KB (328,192 bytes)

Scheduled Task
Task name:
Yahoo! Search

Trigger:
Time (Next runs on 2014.08.12. at 15:30)


The file dsrlte.exe has been discovered within the following program.

Yahoo! Search  by Pay-by-Ads Ltd
This is NOT associated with Yahoo. Pay-By-Ads' Yahoo! Search is an adware web browser application that displays banner ads as well as contextual link ads that are injected into the web page.
66% remove it
 