» file_to_run551779.exe
Overview
Analysis
File Details

file_to_run551779.exe

Search Safer Inc.

The application file_to_run551779.exe by Search Safer has been detected as adware by 7 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This web browser addon will display additional advertisements in the user's browser including popup, banner, contextual hyperlinks as well as affiliate links. It is also typically executed from the user's temporary directory.

File name:

Publisher:

Search Safer Inc. (signed and verified)

MD5:

977f548e1d72346bc258637bd7465c9f

SHA-1:

69420d70624a7a2459451fb6f334a44f6f74c52b

SHA-256:

29e7fc1884087832e97f8b2c55097b94b251cfc3f40971bdea3fcbd45b81ccf4

Scanner detections:

7 / 68

Status:

Adware

Explanation:

Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:

5/30/2024 6:35:55 AM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Adware.Plugin.162

9.0.1.068

McAfee

Artemis!977F548E1D72

5600.7197

Qihoo 360 Security

Trojan.Generic

1.0.0.1015

Reason Heuristics

PUP.SearchSafer.R

14.8.8.0

Trend Micro House Call

TROJ_GEN.F47V0305

7.2.68

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.24.3

VIPRE Antivirus

GamePlayLabs

27146

File size:

2.1 MB (2,220,704 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\appdata\local\temp\file_to_run551779.exe

Digital Signature

Signed by:

Search Safer Inc.

Authority:

DigiCert Inc

Valid from:

1/7/2014 1:00:00 AM

Valid to:

2/10/2016 1:00:00 PM

Subject:

CN=Search Safer Inc., O=Search Safer Inc., L=San Francisco, S=California, C=US, PostalCode=94107, STREET=665 3rd st, STREET=suite 150, SERIALNUMBER=5189473, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization

Issuer:

CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

0A9503052352494760E64F027ED81BDA

File PE Metadata

Compilation timestamp:

12/5/2009 11:52:12 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

49152:HLYkQzv2Ve0wqWQmn5cPcpLA5Qzjr6AvBmTJme8PaNd:Hpuv6/Pw5c0paujB4ln8Ped

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

Remove file_to_run551779.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.