» SearchSnacksAutoUpdateClient.exe
Overview
Analysis
File Details
Behaviors (1)

SearchSnacksAutoUpdateClient.exe

Search Snacks AutoUpdate Client

Search Snacks, LLC

This is part of the InfoAtoms browser extension which will display variopus forms of advertising in the web browser by injecting new ads such as banner, text-links and search results. The application SearchSnacksAutoUpdateClient.exe by Search Snacks has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in.

File name:

Publisher:

Search Snacks (signed by Search Snacks, LLC)

Product:

Search Snacks AutoUpdate Client

Version:

1.10.0.9

MD5:

ec7522d23200e2e5a7a183cfef775afb

SHA-1:

249c9addfde5654f2f079df84280402998231066

SHA-256:

38d8dcd3991bea86fda84efc0932155ea42231c614a1eb188402b9c6d621441c

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

11/23/2024 7:49:02 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InfoAtoms (M)

16.9.20.22

File size:

266.1 KB (272,480 bytes)

Product version:

1.10.0.9

Original file name:

SearchSnacksAutoUpdateClient.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\searchsnacks_1.10.0.9\update\searchsnacksautoupdateclient.exe

Digital Signature

Signed by:

Search Snacks, LLC

Authority:

GlobalSign nv-sa

Valid from:

4/3/2014 11:07:56 PM

Valid to:

4/3/2016 11:07:56 PM

Subject:

E=support@search-snacks.com, CN="Search Snacks, LLC", O="Search Snacks, LLC", L=Dover, S=Delaware, C=US

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11213239AF4AE4C69B97F803376A194F08F4

File PE Metadata

Compilation timestamp:

2/3/2015 10:30:49 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

3072:tYEQO++5WvCdfPOvr4U1pEHBAnpK37nX+rV5VqfAyxfys44Sy4t508gDrHPsQH1g:tYE0+5WvCdfPOvr4Err6ioRHn7cN

Entry address:

0x424AA

Entry point:

FF, 25, B8, 24, 44, 00, 00, 00, 00, 00, 00, 00, 00, 00, 8C, 24, 04, 00, 00, 00, 00, 00, 00, 00, 00, 00, F9, 2F, D1, 54, 00, 00, 00, 00, 02, 00, 00, 00, 93, 00, 00, 00, DC, 24, 04, 00, DC, 06, 04, 00, 52, 53, 44, 53, EF, EE, E9, BF, 6D, D2, 6B, 4C, AF, FF, 41, 83, E9, D7, 53, 60, 01, 00, 00, 00, 43, 3A, 5C, 43, 4F, 44, 45, 5C, 76, 69, 74, 72, 75, 76, 69, 61, 6E, 5C, 63, 6C, 69, 65, 6E, 74, 5C, 49, 6E, 73, 74, 61, 6C, 6C, 65, 72, 73, 5C, 57, 69, 6E, 64, 6F, 77, 73, 5C, 56, 69, 74, 72, 75, 76, 69, 61, 6E, 53... 
[+]

Entropy:

5.9537

Code size:

257.5 KB (263,680 bytes)

Scheduled Task

Task name:

SearchSnacks Auto Updater 1.10.0.9 Core

Trigger:

Logon (Runs on logon)

Description:

SearchSnacks Auto Updater 1.10.0.9 Core

Remove SearchSnacksAutoUpdateClient.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.