home

startpage24_installer_complete_v2.0.0.713.exe

Startpage24 Startpage

Link64 GmbH

The application startpage24_installer_complete_v2.0.0.713.exe, “Updater [Startpage24_*.exe]” by Link64 GmbH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Link64 GmbH  (signed and verified)

Product:
Startpage24 Startpage

Description:
Updater [Startpage24_*.exe]

Version:
2.0.0.713

MD5:
ac8b28efb02d64a94094980580a2a679

SHA-1:
20e69e2509e06b699df56b6e34aa2ed505a0fbc9

SHA-256:
343c6352d98af6e5fe77bc41114eb72181bc23d65da2aa28b22563a57ded0069

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
5/10/2024 4:16:03 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.11.25.14

File size:
4 MB (4,158,576 bytes)

Product version:
2.0.0.713

Copyright:
(c) 2008-10 Link64 GmbH. All rights reserved.

Original file name:
Startpage24_Install.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\startpage24_installer_complete_v2.0.0.713.exe

Digital Signature
Signed by:
Link64 GmbH

Authority:
Thawte, Inc.

Valid from:
2/14/2011 1:00:00 AM

Valid to:
2/13/2013 12:59:59 AM

Subject:
CN=Link64 GmbH, OU=Secure Application Development, O=Link64 GmbH, L=Karlsruhe, S=BW, C=DE

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
15F5E6DF4214F9A5312FC2CB4F217D16

File PE Metadata
Compilation timestamp:
8/8/2011 9:31:51 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
98304:M0ZqNWXuade7qRjxdeh83s9Vsmn+v0E/2Pm4B0zdyoecp:M05XuANfF28LehOBtp

Entry address:
0x75BC

Entry point:
E8, 23, 71, 00, 00, E9, 17, FE, FF, FF, 6A, 0C, 68, F0, FE, 43, 00, E8, A2, 12, 00, 00, 8B, 75, 08, 85, F6, 74, 75, 83, 3D, 58, 9E, 44, 00, 03, 75, 43, 6A, 04, E8, 05, 73, 00, 00, 59, 83, 65, FC, 00, 56, E8, 73, 73, 00, 00, 59, 89, 45, E4, 85, C0, 74, 09, 56, 50, E8, 8F, 73, 00, 00, 59, 59, C7, 45, FC, FE, FF, FF, FF, E8, 0B, 00, 00, 00, 83, 7D, E4, 00, 75, 37, FF, 75, 08, EB, 0A, 6A, 04, E8, F3, 71, 00, 00, 59, C3, 56, 6A, 00, FF, 35, D4, 80, 44, 00, FF, 15, 48, 02, 43, 00, 85, C0, 75, 16, E8, 55, 07, 00...
 
[+]

Code size:
188 KB (192,512 bytes)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.