dsrlte.exe

Pay-by-Ads Ltd

The application dsrlte.exe by Pay-by-Ads has been detected as adware by 22 anti-malware scanners. This file is typically installed with the program Yahoo! Search by Pay-by-Ads Ltd which is a potentially unwanted software program. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address ny1wv3280.xglobe.net on port 80 using the HTTP protocol.
Publisher:
Pay By Ads LTD  (signed by Pay-by-Ads Ltd)

Version:
1.3.0.0

MD5:
ba73d8dc5dd1cf3e558c2152c3d969ad

SHA-1:
a0010b0fbe7c910d1aad86918012529a53983640

SHA-256:
39eaf853dd8d338f927fce97b7e531999401c88627b08b652e292b5b4f51007b

Scanner detections:
22 / 68

Status:
Adware

Analysis date:
4/19/2024 8:09:04 PM UTC

Scan engine              Detection                                                    Engine version
Lavasoft Ad-Aware        Adware.Agent.OGO                                             761
AVG                      Paybyads                                                     2016.0.3239
Baidu Antivirus          PUA.Win32.Montiera                                           4.0.3.1515
Bitdefender              Adware.Agent.OGO                                             1.0.20.25
Bkav FE                  W32.PaybyAds.Adware                                          1.3.0.6267
Comodo Security          Application.Win32.WebToolbar.Montiera.~B                     20725
Dr.Web                   Adware.Toolbar.251                                           9.0.1.05
Emsisoft Anti-Malware    Adware.Agent.OGO                                             8.15.01.05.09
ESET NOD32               Win32/Toolbar.Montiera.L potentially unwanted application    9.7.0.302.0
F-Secure                 Adware.Agent.OGO                                             11.2015-05-01_2
G Data                   Adware.Agent.OGO                                             15.1.24
K7 AntiVirus             Trojan                                                       13.191.14658
Malwarebytes             PUP.Optional.PayByAds.A                                      v2015.01.05.09
McAfee                   Artemis!BA73D8DC5DD1                                         5600.6884
MicroWorld eScan         Adware.Agent.OGO                                             16.0.0.15
NANO AntiVirus           Riskware.Win32.Toolbar.ddtpee                                0.28.6.63850
nProtect                 Adware.Agent.OGO                                             14.12.02.01
Reason Heuristics        PUP.Montiera.PaybyAds                                        15.1.16.1
Sophos                   PayByAds                                                     4.98
Trend Micro House Call   ADW_AGENT                                                    7.2.16
Trend Micro              ADW_AGENT                                                    10.465.16
VIPRE Antivirus          Trojan.Win32.Generic                                         36694

File size:
522.9 KB (535,472 bytes)

Copyright:
All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\dsrlte.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
12/18/2013 1:45:20 PM

Valid to:
12/16/2014 3:54:24 PM

Subject:
CN=Pay-by-Ads Ltd, O=Pay-by-Ads Ltd, L=Tel aviv, C=IL

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B0FFF59FB803E

File PE Metadata
Compilation timestamp:
6/12/2014 11:07:50 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:wlEr+kfmynUmXOlCcg0rGhgEP/OjE7jH4AE5HjJwDiqdRokfYqJ:E/EIE7jH4AE5WDiqboU

Entry address:
0x3D316

Entry point:
E8, AD, 83, 00, 00, E9, 89, FE, FF, FF, B8, 0D, 62, 44, 00, A3, 00, 5A, 46, 00, C7, 05, 04, 5A, 46, 00, 03, 59, 44, 00, C7, 05, 08, 5A, 46, 00, B7, 58, 44, 00, C7, 05, 0C, 5A, 46, 00, F0, 58, 44, 00, C7, 05, 10, 5A, 46, 00, 59, 58, 44, 00, A3, 14, 5A, 46, 00, C7, 05, 18, 5A, 46, 00, 85, 61, 44, 00, C7, 05, 1C, 5A, 46, 00, 75, 58, 44, 00, C7, 05, 20, 5A, 46, 00, D7, 57, 44, 00, C7, 05, 24, 5A, 46, 00, 63, 57, 44, 00, C3, 8B, FF, 55, 8B, EC, E8, 96, FF, FF, FF, 83, 7D, 08, 00, 74, 05, E8, BE, 8E, 00, 00, DB...
 

Code size:
320.5 KB (328,192 bytes)

The file dsrlte.exe has been discovered within the following program.

Yahoo! Search  by Pay-by-Ads Ltd
This is NOT associated with Yahoo. Pay-By-Ads' Yahoo! Search is an adware web browser application that displays banner ads as well as contextual link ads that are injected in the web page.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):      c4.3e.559e.ip4.static.sl-reverse.com (158.85.62.196:80)
TCP (HTTP):      ny1wv3280.xglobe.net (204.145.82.20:80)
TCP (HTTP):      NY1WV3561 (204.145.82.26:80)
TCP (HTTP):      NY1WV3438 (204.145.82.24:80)
TCP (HTTP):      NY1WV3659 (204.145.82.27:80)
TCP (HTTP):      server-54-230-11-201.lhr3.r.cloudfront.net (54.230.11.201:80)
TCP (HTTP):      server-52-85-63-43.lhr50.r.cloudfront.net (52.85.63.43:80)
TCP (HTTP):      ny1wv3283.xglobe.net (204.145.82.23:80)
TCP (HTTP):      131.subnet180-250-66.speedy.telkom.net.id (180.250.66.131:80)
TCP (HTTP):      server-54-230-163-20.jax1.r.cloudfront.net (54.230.163.20:80)
TCP (HTTP SSL):  server-54-230-149-179.sin2.r.cloudfront.net (54.230.149.179:443)
TCP (HTTP):      server-54-230-11-83.lhr3.r.cloudfront.net (54.230.11.83:80)
TCP (HTTP SSL):  server-54-192-159-90.sin3.r.cloudfront.net (54.192.159.90:443)
TCP (HTTP):      a23-15-149-163.deploy.static.akamaitechnologies.com (23.15.149.163:80)
