searchsnacks-setup.exe

Search Snacks, LLC

This is part of the InfoAtoms browser extension, which displays various forms of advertising in the web browser by injecting new ads such as banners, text links and search results. The application searchsnacks-setup.exe, “Search Snacks Setup” by Search Snacks, has been detected as adware by 7 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory.

Publisher:
Search Snacks (signed by Search Snacks, LLC)

Product:
Search Snacks

Description:
Search Snacks Setup

Version:
1.9.0.8

MD5:
c1c4a2e265ce54aafcde9d35240c8b43

SHA-1:
39327190ccfee3614c4a4abac97a03ca11a8bac1

SHA-256:
4233210cdb589c9b4fb8e404df91d0954b04373082d43fdce6e66d1658cd8bbc

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
12/24/2024 2:16:35 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Baidu Antivirus | Adware.Win32.Vitruvian | 4.0.3.15831 |
| Dr.Web | Adware.Plugin.274 | 9.0.1.0243 |
| ESET NOD32 | Win32/AdWare.Vitruvian (variant) | 9.10299 |
| herdProtect (fuzzy) | | 2015.8.31.14 |
| IKARUS anti.virus | PUA.RiskWare.NetFilter | t3scan.1.7.5.0 |
| Reason Heuristics | PUP.InfoAtoms.SearchSnacks.Installer (M) | 15.7.28.17 |
| VIPRE Antivirus | InfoAtoms | 32450 |

File size:
1.1 MB (1,129,336 bytes)

Product version:
1.9.0.8

Copyright:
(c) 2014 Search Snacks

Original file name:
searchsnacks-setup.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\searchsnacks-setup.exe

Digital Signature

Authority:
GlobalSign nv-sa

Valid from:
4/4/2014 6:07:56 AM

Valid to:
4/4/2016 6:07:56 AM

Subject:
E=support@search-snacks.com, CN="Search Snacks, LLC", O="Search Snacks, LLC", L=Dover, S=Delaware, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11213239AF4AE4C69B97F803376A194F08F4

File PE Metadata

Compilation timestamp:
12/6/2009 7:52:06 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:vBzD09YKSKkhLx64xOGoRWGZofqN2mCqCM6tTAuWVEmchKLte+yOKwtzMD4et4d:vJEYKqLxfAWq5CqCtGVrMKLtxyOr4ETd

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 6F, 44, 00, E8, 09, 2C, 00, 00, A3, A4, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 2E, 44, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.8514

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)
