home

SearchSettings.exe

Search Settings

Best Social Feed Inc.

The application SearchSettings.exe by Best Social Feed has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Search Software’. This file is typically installed with the program Search Software by Best Social Feed Inc. which is a potentially unwanted software program.
Publisher:
Best Social Feed Inc.  (signed and verified)

Product:
Search Settings

Version:
2.0.0.1

MD5:
53a7961fc269fc946de4ec47831f999d

SHA-1:
bd2d078501e7bf09d37cd2a8b2637dbb6be8f1ff

SHA-256:
5929689f7d8e6330dfdac68cf6adfc817de48bd1075333066fefdf582edcaa7e

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/27/2024 2:39:59 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.10.1.23

File size:
849.8 KB (870,168 bytes)

Product version:
2.0.0.1

Copyright:
Copyright © 2002-2012

Original file name:
SearchSettings.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\search software\searchsettings.exe

Digital Signature
Signed by:
Best Social Feed Inc.

Authority:
VeriSign, Inc.

Valid from:
10/22/2013 2:00:00 AM

Valid to:
10/22/2016 1:59:59 AM

Subject:
CN=Best Social Feed Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Best Social Feed Inc., L=Cupertino, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
75C790FD141329AA8211A778C6FD6844

File PE Metadata
Compilation timestamp:
11/13/2013 10:15:03 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:2BiqDbu8kukfb/uURBUc+DEa1pQz/+st0n8KYCVLNt3/w2ZGqEMqOwYSZZ3Dvdwy:2i4a8kuYb/IDXI/r0nUGHrG11V3DEu

Entry address:
0x954C7

Entry point:
E8, C2, 5F, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8D, 42, FF, 5B, C3, 8D, A4, 24, 00, 00, 00, 00, 8D, 64, 24, 00, 33, C0, 8A, 44, 24, 08, 53, 8B, D8, C1, E0, 08, 8B, 54, 24, 08, F7, C2, 03, 00, 00, 00, 74, 15, 8A, 0A, 83, C2, 01, 3A, CB, 74, CF, 84, C9, 74, 51, F7, C2, 03, 00, 00, 00, 75, EB, 0B, D8, 57, 8B, C3, C1, E3, 10, 56, 0B, D8, 8B, 0A, BF, FF, FE, FE, 7E, 8B, C1, 8B, F7, 33, CB, 03, F0, 03, F9, 83, F1, FF, 83, F0, FF, 33, CF, 33, C6, 83, C2, 04, 81...
 
[+]

Entropy:
6.7255

Code size:
711.5 KB (728,576 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Search Software

Command:
C:\Program Files\search software\searchsettings.exe


The file SearchSettings.exe has been discovered within the following program.

Search Software  by Best Social Feed Inc.
This is a potentially unwanted (PUP) ad-supported (adware) web browser toolbar that will modify the user's search page and provider in order to redirect web searches.
88% remove it
 
Powered by Should I Remove It?

Remove SearchSettings.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.