setupdatamngr_searchqu.exe

fTalk

Koyote-Lab Inc.

The application setupdatamngr_searchqu.exe, “Music Toolbar Install” by Koyote-Lab has been detected as adware by 6 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory.
Publisher:
Koyote-Lab Inc.  (signed and verified)

Product:
fTalk

Description:
Music Toolbar Install

Version:
5.0.0.8462

MD5:
acfe932bb7e032a33e7b3735ef03eaa1

SHA-1:
b876413a5b179625c30cdbb89dd604251dbfd8e1

SHA-256:
58361396f22e3f80605beeb37877d56e06ec27c699d7e16281f49f3bf6ff8a65

Scanner detections:
6 / 68

Status:
Adware

Analysis date:
5/12/2025 6:59:02 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Bkav FE | W32.HfsAuto | 1.3.0.4246 |
| Boost by Reason | Optional.KoyoteLab | 188838 |
| Comodo Security | Heur.Suspicious | 17497 |
| Malwarebytes | PUP.Optional.MusicBoxToolbar.A | v2013.12.25.05 |
| Reason Heuristics | PUP.Installer.KoyoteLab | 15.3.23.14 |
| Sophos | SearchSuite | 4.96 |

File size:
7.1 MB (7,417,992 bytes)

Product version:
5.0.0.8462

Copyright:
Copyright (c) 2005 - 2013

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\nsrc93b.tmp\setupdatamngr_searchqu.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
2/23/2012 12:00:00 AM

Valid to:
2/21/2014 11:59:59 PM

Subject:
CN=Koyote-Lab Inc., OU=DEV, O=Koyote-Lab Inc., L=Panama City, S=Panama, C=PA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7AD16C59E384A2E3D38D2287483F9B2B

File PE Metadata
Compilation timestamp:
5/30/2013 9:09:10 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:PYcmMNNjtitzmQ/gYi3K0TAZbElZQ3SVxsMZ:QQN0tCCAK0TJQCVxl

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, A1, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 90, 40, 00, 55, FF, 15, BC, 92, 40, 00, 6A, 08, A3, B8, 3E, 47, 00, E8, 25, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 3D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, A3, 40, 00, FF, 15, 80, 91, 40, 00, 68, 04, A3, 40, 00, 68, C0, BD, 46, 00, E8, 8F, 27, 00, 00, FF, 15, B4, 90, 40, 00, 50, BF, A0, 40, 4C, 00, 57, E8, 7D, 27, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
28.5 KB (29,184 bytes)
