onlysetup.exe

PayByAds ltd.

The application onlysetup.exe by PayByAds ltd has been detected as adware by 11 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered by a time event. This file is typically installed with the program Only-search by Pay-by-Ads Ltd, which is a potentially unwanted software program.
Publisher:
Pay By Ads LTD  (signed by PayByAds ltd.)

Version:
1.3.0.0

MD5:
01e47a1c2ae009e77bd7359aaaeea0c9

SHA-1:
b51293a54fa199de817a5585b5fd332aa2169a06

SHA-256:
5a3f2d4aa231a1e5defd764dbedf419b9862440880e995eca89cec42498677cd

Scanner detections:
11 / 68

Status:
Adware

Analysis date:
4/19/2024 10:08:34 AM UTC

Scan engine | Detection | Engine version
AVG | Paybyads | 2015.0.3367
K7 AntiVirus | Riskware | 13.183.13504
Kaspersky | not-a-virus:Downloader.Win32.Montiera | 14.0.0.2688
Malwarebytes | PUP.Optional.PayByAds.A | v2014.08.29.05
McAfee | Artemis!01E47A1C2AE0 | 5600.6884
Reason Heuristics | PUP.Task.Montiera | 15.1.16.1
Sophos | PayByAds | 4.98
Trend Micro House Call | Suspicious_GEN.F47V0915 | 7.2.16
Vba32 AntiVirus | Downloader.Montiera | 3.12.26.3
VIPRE Antivirus | Montiera | 33450
Zillya! Antivirus | Downloader.Montiera.Win32.7 | 2.0.0.1934

File size:
326.9 KB (334,696 bytes)

Copyright:
All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\onlysearch\onlysearch\1.3.12.4\onlysetup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/27/2014 5:00:00 PM

Valid to:
7/28/2015 4:59:59 PM

Subject:
CN=PayByAds ltd., O=PayByAds ltd., STREET="Herbert Samuel, 46", L=Tel Aviv, S=Israel, PostalCode=6330303, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00CA9E6FD9AC89FBB9BC192CA9530A98F5

File PE Metadata
Compilation timestamp:
8/27/2014 8:06:06 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:VKl1C1EYiGc3FHQPoPZHN8My/yJq5FmTZ/KB2dl0NCU6wY:AlUWYZc1HQwPdN8j/Qq5FmTZ/KB0DU67

Entry address:
0x29D60

Entry point:
E8, 41, 73, 00, 00, E9, 89, FE, FF, FF, B8, EB, 1B, 43, 00, A3, C0, 8F, 44, 00, C7, 05, C4, 8F, 44, 00, E1, 12, 43, 00, C7, 05, C8, 8F, 44, 00, 95, 12, 43, 00, C7, 05, CC, 8F, 44, 00, CE, 12, 43, 00, C7, 05, D0, 8F, 44, 00, 37, 12, 43, 00, A3, D4, 8F, 44, 00, C7, 05, D8, 8F, 44, 00, 63, 1B, 43, 00, C7, 05, DC, 8F, 44, 00, 53, 12, 43, 00, C7, 05, E0, 8F, 44, 00, B5, 11, 43, 00, C7, 05, E4, 8F, 44, 00, 41, 11, 43, 00, C3, 8B, FF, 55, 8B, EC, E8, 96, FF, FF, FF, 83, 7D, 08, 00, 74, 05, E8, 52, 7E, 00, 00, DB...
 

Entropy:
6.4584

Code size:
228.5 KB (233,984 bytes)

Scheduled Task
Task name:
Only-search Udpater

Trigger:
Time (Next runs on 29/08/2014 at 19:05)


The file onlysetup.exe has been discovered within the following program.

Only-search  by Pay-by-Ads Ltd
OnlySearch is a web browser advertisement extension that delivers ads to the user's web browser. Ads take the form of traditional banners as well as contextual hyperlinks.
81% remove it
 