home

dsrsetup.exe

Blarble

The application dsrsetup.exe by Blarble has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is the uninstaller utility registered in the Windows Control Panel for the program Yahoo! Search by Pay-By-Ads.
Publisher:
Pay By Ads LTD  (signed by Blarble)

Version:
1.3.0.0

MD5:
a16e900e5a708cc59209adb7af695918

SHA-1:
f7515be1b3bcefddfb9f62b484728fbc4519ab6e

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
5/22/2024 5:05:53 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Montiera (M)
16.10.17.11

File size:
522.7 KB (535,219 bytes)

Copyright:
All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Application data\pay-by-ads\yahoo! search\1.3.19.2\dsrsetup.exe

Digital Signature
Signed by:
Blarble

Authority:
VeriSign, Inc.

Valid from:
9/30/2014 7:00:00 AM

Valid to:
10/31/2015 6:59:59 AM

Subject:
CN=Blarble, O=Blarble, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7B29722C0660917240E2DF85990646F3

File PE Metadata
Compilation timestamp:
1/15/2015 7:17:33 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:lhMzHHj8muOfnaOYDfYuGgOJzSnjAfRp+x0XSK4zkf:KxapUJzSnU54xSSkf

Entry address:
0x343F0

Entry point:
60, E8, 00, 00, 00, 00, 5B, 81, EB, D0, 48, E7, 01, 83, EC, 74, 8B, EC, 8B, 83, AB, 4B, E7, 01, 89, 45, 00, 8B, 83, B3, 4B, E7, 01, 03, 45, 00, 89, 45, 2C, 8B, 83, B7, 4B, E7, 01, 03, 45, 00, 89, 45, 30, C7, 45, 14, 00, 00, 00, 00, C7, 45, 18, 00, 00, 00, 00, C7, 45, 1C, 00, 00, 00, 00, 8B, 45, 14, FF, 45, 14, 66, 33, C9, 8A, 8C, 03, FF, 4B, E7, 01, 84, C9, 74, 7A, 8B, 45, 1C, 66, 01, 4D, 1C, 03, C3, 05, 13, 4C, E7, 01, 50, 8B, 45, 2C, FF, 10, 85, C0, 0F, 84, 5E, 02, 00, 00, 89, 45, 10, 8B, 45, 1C, 03, C3...
 
[+]

Entropy:
6.3835

Packer / compiler:
ASPack v1.08.04

Code size:
297.5 KB (304,640 bytes)

Program Uninstaller
Program name:
Yahoo! Search

Display publisher:
Pay-By-Ads

Uninstall string:
"C:\Documents and Settings\Administrator\Application Data\Pay-By-Ads\Yahoo! Search\1.3.19.2\dsrsetup.exe" /uninstl


Remove dsrsetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.