» starter.exe
Overview
Analysis
File Details

starter.exe

AZTEC MEDIA INC.

The application starter.exe by AZTEC MEDIA INC has been detected as adware by 8 anti-malware scanners. It is also typically executed from the user's temporary directory.

File name:

starter.exe

Publisher:

AZTEC MEDIA INC. (signed and verified)

MD5:

084d71bc22b0130c2a88afa727af2a15

SHA-1:

ae8df9a583391f085f7b0b1ed819ef94ead4040b

SHA-256:

f395edf1f62ab5ed31bd6215ccfe5390605c48414639679fcee45106f2ac9f10

Scanner detections:

8 / 68

Status:

Adware

Analysis date:

4/19/2024 7:56:03 PM UTC (today)

Scan engine

Detection

Engine version

Baidu Antivirus

Adware.Win64.SearchSuite

4.0.3.1492

F-Prot

W32/SearchSuite.A.gen

v6.4.7.1.166

G Data

Win32.Application.Searchsuite

14.9.24

IKARUS anti.virus

PUA.Toolbar.SearchSuite

t3scan.1.6.1.0

Kaspersky

not-a-virus:WebToolbar.Win64.SearchSuite

14.0.0.3311

Panda Antivirus

Trj/Genetic.gen

14.09.02.09

Reason Heuristics

PUP.AZTECMEDIAINC.H

14.9.2.21

Sophos

SearchSuite

4.98

File size:

125.5 KB (128,528 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\starter.exe

Digital Signature

Signed by:

AZTEC MEDIA INC.

Authority:

Thawte, Inc.

Valid from:

1/28/2014 6:00:00 PM

Valid to:

5/19/2015 6:59:59 PM

Subject:

CN=AZTEC MEDIA INC., OU=Development, O=AZTEC MEDIA INC., L=Panama City, S=Panama, C=PA

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

7DE0D719BBAF922D3A980DBD523B959A

File PE Metadata

Compilation timestamp:

7/28/2014 6:25:51 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

1536:PDbCw2QmSEgRLMZ1apkD7nl5tU1l5PhWlq9:bbF2yozaq7nDtiDPhW89

Entry address:

0x6D72

Entry point:

E8, 3C, 20, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 80, D3, 40, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 10, D1, 40, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, 35, D4, D0, 40, 00, 57, FF, 35, E8, 2E, 41, 00, FF, D6, FF, 35, E4, 2E, 41, 00, 8B, D8, 89, 5D, FC, FF, D6, 8B, F0, 3B, F3, 0F, 82... 
[+]

Entropy:

5.2767

Code size:

46 KB (47,104 bytes)

Remove starter.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.