home

update.exe

Search Results, LLC

The application update.exe by Search Results has been detected as adware by 3 anti-malware scanners.
Publisher:
Search Results, LLC  (signed and verified)

Version:
1.5.5.0

MD5:
b0b12ac10227720a11d651b9470605f2

SHA-1:
2e4622510f5a4551edb282bb12ba2b91c0deae11

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
4/23/2024 11:32:39 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.Plugin.109
9.0.1.0176

NANO AntiVirus
Trojan.Win32.Plugin.ckrklq
0.28.0.59492

Reason Heuristics
PUP.SearchResults.G
14.8.7.17

File size:
795.1 KB (814,176 bytes)

Product version:
1.5.5.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Application data\defaulttab\defaulttab\update.exe

Digital Signature
Signed by:
Search Results, LLC

Authority:
COMODO CA Limited

Valid from:
4/24/2012 5:00:00 PM

Valid to:
4/25/2014 4:59:59 PM

Subject:
CN="Search Results, LLC", O="Search Results, LLC", STREET="2751 Hennepin Ave S #252", L=Minneapolis, S=MN, PostalCode=55405, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B6815DF3B6D64839E008D65B53EF0170

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.25

CTPH (ssdeep):
24576:A4O8xRU7+RdfbTSKqIy9iT3uyQCSq0HVU:A4zRU7WdfbTSKc9SQCSVW

Entry address:
0x1A120

Entry point:
55, 8B, EC, 83, C4, F0, A1, D0, BB, 41, 00, C6, 00, 01, B8, 38, A0, 41, 00, E8, F0, BF, FE, FF, 33, C0, 55, 68, 7F, A1, 41, 00, 64, FF, 30, 64, 89, 20, B8, 94, A1, 41, 00, E8, 34, D9, FE, FF, A2, 3C, DB, 41, 00, E8, CA, F9, FF, FF, 84, C0, 74, 13, E8, 3D, F2, FF, FF, 84, C0, 74, 0A, E8, B0, F8, FF, FF, E8, 0B, F7, FF, FF, 33, C0, 5A, 59, 59, 64, 89, 10, 68, 86, A1, 41, 00, C3, E9, 6C, 9C, FE, FF, EB, F8, E8, 6D, A1, FE, FF, 00, FF, FF, FF, FF, 09, 00, 00, 00, 43, 3A, 5C, 54, 65, 6D, 70, 44, 54, 00, 00, 00...
 
[+]

Entropy:
7.9149

Developed / compiled with:
Microsoft Visual C++

Code size:
100.5 KB (102,912 bytes)

Remove update.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.