mystartsearch.exe

3530_sky_mystartsearch

Shulan Hou

The application mystartsearch.exe by Shulan Hou has been detected as adware by 18 anti-malware scanners. It is also typically executed from the user's temporary directory.
Publisher:
BaiSix  (signed by Shulan Hou)

Product:
3530_sky_mystartsearch

Description:
BaiSix

Version:
6.3.7602.2008

MD5:
8ad165ef66a71da67cbb3f96b589615a

SHA-1:
72bb21d410b1922fde22bc9582d81cc5621e6108

SHA-256:
9c03260d39dae4b43a9d65fc1cc001bf8c58be1b7f03a5c2cca43fa4488a14c6

Scanner detections:
18 / 68

Status:
Adware

Analysis date:
8/2/2025 11:38:07 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AVG | Generic | 2016.0.3113 |
| Baidu Antivirus | PUA.Win32.LiMo | 4.0.3.15510 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Adware.Mutabaha.330 | 9.0.1.05190 |
| ESET NOD32 | Win32/LiMo.C potentially unwanted (variant) | 9.11419 |
| Fortinet FortiGate | W32/ELEX.C | 8/8/2015 |
| herdProtect (fuzzy) | | 2015.8.8.2 |
| IKARUS anti.virus | PUA.LiMo | t3scan.1.8.9.0 |
| K7 AntiVirus | Trojan | 13.202.15470 |
| Malwarebytes | PUP.Optional.Omniboxes.A | v2015.05.10.06 |
| McAfee | Artemis!7FB24EA08AA4 | 5600.6680 |
| NANO AntiVirus | Riskware.Win32.Mutabaha.drhslp | 0.30.24.1357 |
| Panda Antivirus | Trj/Agent.IVN | 15.05.10.06 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | Threat.Ma Lin.ShulanHou | 15.5.10.13 |
| Sophos | Elex | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0401 | 7.2.220 |

File size:
492.1 KB (503,904 bytes)

Product version:
6.3.7602.2008

Copyright:
BaiSix.com

Original file name:
BaiSix.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\appdata\local\temp\mystartsearch.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
12/24/2014 1:00:00 AM

Valid to:
1/6/2016 1:00:00 PM

Subject:
CN=Shulan Hou, O=Shulan Hou, L=Dingzhou, S=Hebei, C=CN

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0556596736BF2D2DEB3BC21E5D02E7CE

File PE Metadata
Compilation timestamp:
3/12/2015 7:04:08 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:MENMvWgHqHNNFlEG262OFxZKv72LXs1HHw:MENMvWtXlBKv72LaHw

Entry address:
0x16F33

Entry point:
E8, 15, C6, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 34, CB, 46, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 50, 88, 46, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 34, CB, 46, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03...
 

Code size:
335 KB (343,040 bytes)
