Smartbar.exe

Smartbar

This is part of the Linkury/SnapDo monetization software, a web browser toolbar used to hijack a user's search in order to collect revenue. The SmartBar is a potentially unwanted toolbar and Windows Gadget that is advertising-supported (adware). The application Smartbar.exe has been detected as a potentially unwanted program by 19 anti-malware scanners. It is set to start automatically when a user logs into Windows, via the current user Run registry key under the display name 'Browser Infrastructure Helper'. This file is typically installed with the program Messenger Plus! Community Smartbar by Messenger Plus!, which is a potentially unwanted software program.
Publisher:
Smartbar

Product:
Smartbar

Version:
1.6.1.695

MD5:
89c8bef883cb18f9a8b43c3890c77a95

SHA-1:
5e86f968dc50d54b9f093a85f345316ba1841e75

SHA-256:
6f42e3565916c5b14308f5ccd09bd0ac712b8e67bb68935f0bf92b71b1a6afb5

Scanner detections:
19 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 5:55:50 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Adware.Agent | 7.1.1
AhnLab V3 Security | Win-AppCare/Agent.K.13824.IT | 2013.10.21
AVG | Toolbar | 2015.0.3602
Bitdefender | Adware.Generic.460536 | 1.0.20.30
Boost by Reason | Optional.Startup.Smartbar.I | 188163
Comodo Security | ApplicUnwnt | 17137
Dr.Web | Trojan.MulDrop4.24551 | 9.0.1.06
Emsisoft Anti-Malware | Adware.Generic.460536 | 8.14.01.06.02
ESET NOD32 | Win32/Toolbar.Linkury (variant) | 8.8944
F-Secure | Adware.Generic.460536 | 11.2014-06-01_2
G Data | Adware.Generic.460536 | 14.1.22
herdProtect (fuzzy) | | 2014.1.26.1
MicroWorld eScan | Adware.Generic.460536 | 15.0.0.18
NANO AntiVirus | Trojan.Win32.MulDrop4.bgdyzq | 0.26.0.55532
nProtect | Trojan/W32.Small.13824.JV | 13.10.21.03
Reason Heuristics | PUP.Startup.Smartbar.I | 14.2.21.5
Rising Antivirus | Trojan.Win32.Generic.144392CE | 23.00.65.14104
Vba32 AntiVirus | AdWare.MSIL.Agent | 3.12.24.3
VIPRE Antivirus | Adware.Linkury | 22590

File size:
13.5 KB (13,824 bytes)

Product version:
1.6.1.695

Original file name:
Smartbar.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\smartbar\application\smartbar.exe

File PE Metadata
Compilation timestamp:
12/31/2012 3:55:13 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:JeWHL9x27Fgfm5+RIldORoDxmVamEt9fZw3qIKYZ:4Ky73mA9IqI/

Entry address:
0x4BFE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.3334

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
11.5 KB (11,776 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Browser Infrastructure Helper

Command:
C:\users\{user}\appdata\local\smartbar\application\smartbar.exe startup


The file Smartbar.exe has been discovered within the following program.

The Toolbar installs into your Internet browser and allows you to search the Internet with MyWebSearch, a known potentially unwanted program that changes and redirects all of your search results as well as DNS errors, and modifies your home page to mywebsearch.
pages.msgplus.net/toolbar/faq.html

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 50.75.c0ad.ip4.static.sl-reverse.com  (173.192.117.80:80)

TCP (HTTP):
Connects to 6f.75.c0ad.ip4.static.sl-reverse.com  (173.192.117.111:80)

TCP (HTTP):
Connects to ec2-34-196-117-110.compute-1.amazonaws.com  (34.196.117.110:80)

TCP (HTTP):
Connects to 57.9d.a86c.ip4.static.sl-reverse.com  (108.168.157.87:80)

TCP (HTTP):
Connects to 108.168.157.82-static.reverse.softlayer.com  (108.168.157.82:80)
