searcher.exe

SearchDefender

LLC

The application searcher.exe, “SearchDefender Setup” by LLC, has been detected as adware by 3 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from sendme8.ru and multiple other hosts.
Publisher:
Artex Publishing (signed by LLC)

Product:
SearchDefender

Description:
SearchDefender Setup

MD5:
cb053fec197d5adcfceb813d3e6c41b1

SHA-1:
9bb5d035e93c748469fc6a854f365577ffc570d3

SHA-256:
09ca0e7818f957dc1dab59a5a53859e6420333c82d3bf9d178d5959c9d2799f5

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
5/17/2024 1:28:39 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Baidu Antivirus | PUA.Win32.Homepager | 4.0.3.151019 |
| ESET NOD32 | Win32/Homepager.A potentially unwanted (variant) | 9.12429 |
| Reason Heuristics | PUP.Amonitize.ArtexPublishing.Installer (M) | 15.10.19.15 |

File size:
3.2 MB (3,337,488 bytes)

Product version:
1.0

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\searcher.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
10/1/2015 6:00:00 AM

Valid to:
10/1/2016 5:59:59 AM

Subject:
CN="LLC ""SOFT-STRIM""", O="LLC ""SOFT-STRIM""", STREET="vul. CHERVONOARMIYSKA, 74", L=Kiev, S=Kiev, PostalCode=03150, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E0DE5AEAE0D5FF7F93128F6790389C27

File PE Metadata
Compilation timestamp:
7/16/2015 7:24:20 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:JE/jTn0nb+O2C+fRuofQI3TvW8m6a7KRs/tz7ldhZGToLjk/5PtKfHAvA9:23aoCVsQI31w711z5dhYTOjk/5PtUf

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 34, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 1E, D8, FF, FF, E8, 6D, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 33, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 54, 86...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)

The file searcher.exe has been seen being distributed by the following 3 URLs.
