searchsnacks_5142014.exe

Search Snacks, LLC

This file is part of the InfoAtoms browser extension, which displays various forms of advertising in the web browser by injecting new ads such as banners, text links and search results. The application searchsnacks_5142014.exe, “Search Snacks Setup” by Search Snacks, has been detected as adware by 2 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is typically executed from the user's temporary directory. The file has been seen being downloaded from d3g1r6z1ayef32.cloudfront.net and multiple other hosts.
Publisher:
Search Snacks (signed by Search Snacks, LLC)

Product:
Search Snacks

Description:
Search Snacks Setup

Version:
1.9.0.5

MD5:
88861f17945ad501969475589b2f959d

SHA-1:
958f8ae15548135062d11af498120812729f26c3

SHA-256:
2434cf5a2782c598aa12b098bf45be87c3ea2c38668f76b7a7c1c24dbede8317

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
12/24/2024 3:51:13 PM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.Installer.SearchSnacks.U | 14.7.17.10
VIPRE Antivirus | InfoAtoms | 29456

File size:
1.1 MB (1,128,072 bytes)

Product version:
1.9.0.5

Copyright:
(c) 2014 Search Snacks

Original file name:
searchsnacks-setup.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\66\searchsnacks_5142014.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
4/3/2014 4:07:56 PM

Valid to:
4/3/2016 4:07:56 PM

Subject:
E=support@search-snacks.com, CN="Search Snacks, LLC", O="Search Snacks, LLC", L=Dover, S=Delaware, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11213239AF4AE4C69B97F803376A194F08F4

File PE Metadata
Compilation timestamp:
12/5/2009 4:52:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:hk8VkOn+HHB46n8BA+DNZAWVVQAy8YEvAq9QNLG82PO:JO3L8VNZqRPEc0O

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 6F, 44, 00, E8, 09, 2C, 00, 00, A3, A4, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 2E, 44, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, AA, 28, 00, 00...
Entropy:
7.8519

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file searchsnacks_5142014.exe has been seen being distributed by the following 2 URLs.
