home

dsrlte.exe

PayByAds ltd.

The application dsrlte.exe by PayByAds ltd has been detected as adware by 30 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered by a time event. This file is typically installed with the program Yahoo! Search by Pay-by-Ads Ltd which is a potentially unwanted software program. While running, it connects to the Internet address NY1WV3438 on port 80 using the HTTP protocol.
Publisher:
Pay By Ads LTD  (signed by PayByAds ltd.)

Version:
1.3.0.0

MD5:
899860bff83889d3ee6e29f2dc9ceaa1

SHA-1:
b123bde30d6f30fd97c9aaa19e8870681b0ea31a

SHA-256:
ba457bfc9dcff8a89f12f5234d68ec8a2df1f69dc659fd60665d5ce84e0be650

Scanner detections:
30 / 68

Status:
Adware

Analysis date:
4/19/2024 2:48:30 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Strictor.64185
833

Avira AntiVirus
Adware/Agent.Montiera.Q
7.11.198.150

AVG
Paybyads
2015.0.3311

Baidu Antivirus
Hacktool.Win32.Montiera
4.0.3.141025

Bitdefender
Gen:Variant.Strictor.64185
1.0.20.1490

Comodo Security
ApplicUnwnt
20520

Dr.Web
Adware.Toolbar.345
9.0.1.016

Emsisoft Anti-Malware
Gen:Variant.Strictor.64185
8.14.10.25.08

ESET NOD32
Win32/Toolbar.Montiera (variant)
8.10615

Fortinet FortiGate
Riskware/Montiera
1/16/2015

F-Secure
Gen:Variant.Strictor.64185
11.2014-25-10_7

G Data
Gen:Variant.Strictor.64185
14.10.24

IKARUS anti.virus
not-a-virus:Downloader.Montiera
t3scan.1.8.5.0

K7 AntiVirus
Trojan
13.188.14468

Kaspersky
not-a-virus:Downloader.Win32.Montiera
14.0.0.3048

Malwarebytes
PUP.Optional.PayByAds.A
v2014.10.25.08

McAfee
Artemis!899860BFF838
5600.6967

MicroWorld eScan
Gen:Variant.Strictor.64185
15.0.0.894

NANO AntiVirus
Trojan.Win32.Montiera.djabzl
0.30.0.64448

nProtect
Adware.PayByAds.A
14.12.29.01

Panda Antivirus
Trj/CI.A
15.01.16.01

Qihoo 360 Security
Win32/Virus.Downloader.42e
1.0.0.1015

Quick Heal
Riskware.PayByAds.r5 (Not a Virus)
1.15.14.00

Reason Heuristics
PUP.Task.Montiera
15.1.16.1

Sophos
PayByAds
4.98

Trend Micro House Call
ADW_TIERMON
7.2.16

Trend Micro
ADW_TIERMON
10.465.16

Vba32 AntiVirus
Downloader.Montiera
3.12.26.3

VIPRE Antivirus
Montiera
34214

Zillya! Antivirus
Downloader.Montiera.Win32.22
2.0.0.2021

File size:
520.9 KB (533,352 bytes)

Copyright:
All rights reserved.

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\pay-by-ads\yahoo! search\1.3.15.4\dsrlte.exe

Digital Signature
Signed by:
PayByAds ltd.

Authority:
COMODO CA Limited

Valid from:
7/28/2014 9:00:00 AM

Valid to:
7/29/2015 8:59:59 AM

Subject:
CN=PayByAds ltd., O=PayByAds ltd., STREET="Herbert Samuel, 46", L=Tel Aviv, S=Israel, PostalCode=6330303, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00CA9E6FD9AC89FBB9BC192CA9530A98F5

File PE Metadata
Compilation timestamp:
10/23/2014 5:10:34 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:xlw+rUNG4zkqd8+tR0GH585U5QdJ6xMc/6/4:G385U5QdSHC/4

Entry address:
0x41509

Entry point:
E8, 3B, 84, 00, 00, E9, 89, FE, FF, FF, B8, 8E, A4, 44, 00, A3, D0, 39, 47, 00, C7, 05, D4, 39, 47, 00, 84, 9B, 44, 00, C7, 05, D8, 39, 47, 00, 38, 9B, 44, 00, C7, 05, DC, 39, 47, 00, 71, 9B, 44, 00, C7, 05, E0, 39, 47, 00, DA, 9A, 44, 00, A3, E4, 39, 47, 00, C7, 05, E8, 39, 47, 00, 06, A4, 44, 00, C7, 05, EC, 39, 47, 00, F6, 9A, 44, 00, C7, 05, F0, 39, 47, 00, 58, 9A, 44, 00, C7, 05, F4, 39, 47, 00, E4, 99, 44, 00, C3, 8B, FF, 55, 8B, EC, E8, 96, FF, FF, FF, 83, 7D, 08, 00, 74, 05, E8, 29, 8F, 00, 00, DB...
 
[+]

Entropy:
6.2764

Code size:
359.5 KB (368,128 bytes)

Scheduled Task
Task name:
Yahoo! Search

Trigger:
Time (Next runs on 2014/10/25 at 21:35)


The file dsrlte.exe has been discovered within the following program.

Yahoo! Search  by Pay-by-Ads Ltd
This is NOT associated with Yahoo. Pay-By-Ads' Yahoo! Search is an adware web browser application that displays banner ads as well as contextual link ads that are injected in the web page.
66% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ny1wv3283.xglobe.net  (204.145.82.23:80)

TCP (HTTP):
Connects to NY1WV3561  (204.145.82.26:80)

TCP (HTTP):
Connects to ny1wv3280.xglobe.net  (204.145.82.20:80)

TCP (HTTP):
Connects to NY1WV3438  (204.145.82.24:80)

TCP (HTTP):
Connects to NY1WV3659  (204.145.82.27:80)

TCP (HTTP):
Connects to 131.subnet180-250-66.speedy.telkom.net.id  (180.250.66.131:80)

TCP (HTTP):
Connects to ip66.ip-198-50-225.net  (198.50.225.66:80)

TCP (HTTP SSL):
Connects to server-54-230-150-6.sin2.r.cloudfront.net  (54.230.150.6:443)

TCP (HTTP SSL):
Connects to server-54-230-150-40.sin2.r.cloudfront.net  (54.230.150.40:443)

TCP (HTTP):
Connects to server-54-230-0-233.lhr5.r.cloudfront.net  (54.230.0.233:80)

TCP (HTTP):
Connects to server-54-192-3-94.lhr5.r.cloudfront.net  (54.192.3.94:80)

TCP (HTTP SSL):
Connects to server-54-192-159-5.sin3.r.cloudfront.net  (54.192.159.5:443)

TCP (HTTP SSL):
Connects to server-54-192-159-35.sin3.r.cloudfront.net  (54.192.159.35:443)

TCP (HTTP SSL):
Connects to server-54-192-159-137.sin3.r.cloudfront.net  (54.192.159.137:443)

TCP (HTTP):
Connects to server-52-85-83-42.lax1.r.cloudfront.net  (52.85.83.42:80)

TCP (HTTP):
Connects to host-197.199.253.140.etisalat.com.eg  (197.199.253.140:80)

TCP (HTTP):
Connects to cds986.lon.llnw.net  (87.248.212.145:80)

TCP (HTTP):
Connects to cds892.frf.llnw.net  (87.248.217.70:80)

TCP (HTTP):
Connects to a23-15-155-27.deploy.static.akamaitechnologies.com  (23.15.155.27:80)

Remove dsrlte.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.