» SearchSettings.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

SearchSettings.exe

Search Settings

Best Social Feed Inc.

The application SearchSettings.exe by Best Social Feed has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Search Software’. This file is typically installed with the program Search Software by Best Social Feed Inc. which is a potentially unwanted software program.

File name:

SearchSettings.exe

Publisher:

Best Social Feed Inc. (signed and verified)

Product:

Search Settings

Version:

2.0.0.1

MD5:

48e6e97124c779649419eed707feb152

SHA-1:

9df9b88a089bda5b37da5e0c64c8b56afd332c6d

SHA-256:

3e5bceacaa80407b7dac63e48ed7f91986dfed01fe46990a1d31d9c10f211db3

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/23/2024 7:31:54 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP (M)

16.7.18.16

File size:

173.3 KB (177,432 bytes)

Product version:

2.0.0.1

Original file name:

SearchSettings.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\search software\searchsettings.exe

Digital Signature

Signed by:

Best Social Feed Inc.

Authority:

VeriSign, Inc.

Valid from:

10/22/2013 5:30:00 AM

Valid to:

10/22/2016 5:29:59 AM

Subject:

CN=Best Social Feed Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Best Social Feed Inc., L=Cupertino, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

75C790FD141329AA8211A778C6FD6844

File PE Metadata

Compilation timestamp:

11/28/2013 7:35:47 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

3072:LLB0odGQ2sfbf52G2twi1nSec6xTTRDlMY5x8L8sd8ukcLEHPL6lhvobX:LLCaGQ2dGs1nSejTRXTE8sd8OC2S

Entry address:

0xE303

Entry point:

E8, F6, 5B, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, 8D, 42, FF, 5B, C3, 8D, A4, 24, 00, 00, 00, 00, 8D, 64, 24, 00, 33, C0, 8A, 44, 24, 08, 53, 8B, D8, C1, E0, 08, 8B, 54, 24, 08, F7, C2, 03, 00, 00, 00, 74, 15, 8A, 0A, 83, C2, 01, 3A, CB, 74, CF, 84, C9, 74, 51, F7, C2, 03, 00, 00, 00, 75, EB, 0B, D8, 57, 8B, C3, C1, E3, 10, 56, 0B, D8, 8B, 0A, BF, FF, FE, FE, 7E, 8B, C1, 8B, F7, 33, CB, 03, F0, 03, F9, 83, F1, FF, 83, F0, FF, 33, CF, 33, C6, 83, C2, 04, 81, E1, 00, 01, 01, 81, 75, 1C, 25, 00, 01, 01, 81... 
[+]

Entropy:

6.5085

Code size:

121 KB (123,904 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Search Software

Command:

C:\Program Files\search software\searchsettings.exe

The file SearchSettings.exe has been discovered within the following program.

Search Software by Best Social Feed Inc.

This is a potentially unwanted (PUP) ad-supported (adware) web browser toolbar that will modify the user's search page and provider in order to redirect web searches.

88% remove it

Remove SearchSettings.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.