home

update.exe

Search Results, LLC

The application update.exe by Search Results has been detected as adware by 2 anti-malware scanners.
Publisher:
Search Results, LLC  (signed and verified)

Version:
1.4.5.0

MD5:
98752369e9a12b28ce685dce9565169c

SHA-1:
cdab31e53f43387aede14587517861d952ec2648

SHA-256:
664aea5640412a0cb360b4e4215f4b759e1f85578561d099284186e05453a5f8

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
4/16/2024 9:52:04 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.Plugin.109
9.0.1.06

Reason Heuristics
PUP.SearchResults.G
15.1.6.18

File size:
794.6 KB (813,664 bytes)

Product version:
1.4.5.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\defaulttab\defaulttab\update.exe

Digital Signature
Signed by:
Search Results, LLC

Authority:
COMODO CA Limited

Valid from:
4/24/2012 7:00:00 PM

Valid to:
4/25/2014 6:59:59 PM

Subject:
CN="Search Results, LLC", O="Search Results, LLC", STREET="2751 Hennepin Ave S #252", L=Minneapolis, S=MN, PostalCode=55405, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B6815DF3B6D64839E008D65B53EF0170

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.25

CTPH (ssdeep):
12288:71GEnhaToEmHPNjWUWv7eeeYhbQ/WDNli2rwFFEl23qUqHG8yyxDW6gHNK:74OhaTAWbeef8+DDi2sFGYPqHIXHNK

Entry address:
0x1A120

Entry point:
55, 8B, EC, 83, C4, F0, A1, D0, BB, 41, 00, C6, 00, 01, B8, 38, A0, 41, 00, E8, F0, BF, FE, FF, 33, C0, 55, 68, 7F, A1, 41, 00, 64, FF, 30, 64, 89, 20, B8, 94, A1, 41, 00, E8, 34, D9, FE, FF, A2, 3C, DB, 41, 00, E8, CA, F9, FF, FF, 84, C0, 74, 13, E8, 3D, F2, FF, FF, 84, C0, 74, 0A, E8, B0, F8, FF, FF, E8, 0B, F7, FF, FF, 33, C0, 5A, 59, 59, 64, 89, 10, 68, 86, A1, 41, 00, C3, E9, 6C, 9C, FE, FF, EB, F8, E8, 6D, A1, FE, FF, 00, FF, FF, FF, FF, 09, 00, 00, 00, 43, 3A, 5C, 54, 65, 6D, 70, 44, 54, 00, 00, 00...
 
[+]

Entropy:
7.9166

Developed / compiled with:
Microsoft Visual C++

Code size:
100.5 KB (102,912 bytes)

Remove update.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.