Smartbar.exe

Yuna Software Limited

This is part of the Linkury/SnapDo monetization software, a web browser toolbar used to hijack a user's search in order to collect revenues. The SmartBar is a potentially unwanted toolbar and Windows Gadget that is advertising supported (adware). The application Smartbar.exe by Yuna Software Limited has been detected as a potentially unwanted program by 4 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Browser Infrastructure Helper’. This file is typically installed with the program Messenger Plus! Community Smartbar by Messenger Plus! which is a potentially unwanted software program.
Publisher:
Smartbar  (signed by Yuna Software Limited)

Product:
Smartbar

Version:
1.35.25.10903

MD5:
0017d5cbb8faad094d53a99977d002c7

SHA-1:
db277293ae81a184c382d675b4dcb39249e43eac

SHA-256:
2df132a16b230debac6cb9ae70c0222fbf44300f8d858cc87dfc3787ea875ee7

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 5:00:07 PM UTC

Scan engine | Detection | Engine version
Boost by Reason | Optional.Startup.YunaSoftwareLimited.I | 188163
Dr.Web | Adware.Linkury.1 | 9.0.1.0356
ESET NOD32 | Win32/Toolbar.Linkury (variant) | 7.9144
Reason Heuristics | PUP.Startup.YunaSoftwareLimited.I | 14.3.2.11

File size:
19.8 KB (20,272 bytes)

Product version:
1.35.25.10903

Original file name:
Smartbar.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\smartbar\application\smartbar.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
9/1/2012 12:00:00 AM

Valid to:
10/19/2015 11:59:59 PM

Subject:
CN=Yuna Software Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Yuna Software Limited, L=St. Helier, S=Jersey, C=GB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
56EC82195199D735AD6E704B1B712CB5

File PE Metadata
Compilation timestamp:
6/16/2013 9:36:31 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:S0bUx3jS82wkSFyI5+yVIldORoD9mVamEt92Zw3JIS+/nYPLQiQSeMMt:3bW32MQmA97JI1/Hzt

Entry address:
0x4DAE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 10, 00, 00, 00, 18, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 30, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
11.5 KB (11,776 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Browser Infrastructure Helper

Command:
C:\users\{user}\appdata\local\smartbar\application\smartbar.exe startup


The file Smartbar.exe has been discovered within the following program.

The Toolbar installs into your Internet browser and allows you to search the Internet with MyWebSearch, a known potentially unwanted program that changes and redirects all of your search results as well as DNS errors, and modifies your home page to mywebsearch.
pages.msgplus.net/toolbar/faq.html
62% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

