Smartbar.Installer.Mini.exe

Windows Internet Explorer

ReSoft LTD.

This is part of the Linkury/SnapDo monetization software, a web browser toolbar used to hijack a user's searches in order to collect revenue. The SmartBar is a potentially unwanted toolbar and Windows Gadget that is advertising-supported (adware). While the file properties state that the file is developed by 'Microsoft Corporation', this is not the case; the properties are designed to make it look like a legitimate Microsoft system file. The application Smartbar.Installer.Mini.exe, “Win32 Cabinet Self-Extractor” by ReSoft, has been detected as adware by 6 anti-malware scanners. This is a setup program which is used to install the application.
Publisher:
Microsoft Corporation  (signed by ReSoft LTD.)

Product:
Windows® Internet Explorer

Description:
Win32 Cabinet Self-Extractor

Version:
10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)

MD5:
7c84014d986eb2a1e33902cb76de3c4a

SHA-1:
3260d87d17a371f6d8ff6fdc23853e230c94ebc5

SHA-256:
ee6fe6913db07b3e0c28a691396809c5423271bb8cdefc085011889e48153fa6

Scanner detections:
6 / 68

Status:
Adware

Analysis date:
12/24/2024 11:59:29 PM UTC

Scan engine             Detection                        Engine version
Dr.Web                  Adware.Downware.1561             9.0.1.010
ESET NOD32              MSIL/Toolbar.Linkury (variant)   8.9257
Reason Heuristics       PUP.ReSoft.V                     14.8.8.1
Trend Micro House Call  TROJ_GEN.F47V1220                7.2.10
Trend Micro             ADW_LINKURY                      10.465.12
VIPRE Antivirus         Adware.Linkury                   25176

File size:
501 KB (513,056 bytes)

Product version:
10.00.9200.16521

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
WEXTRACT.EXE .MUI

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\smartbar.installer.mini.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/1/2013 3:00:00 AM

Valid to:
8/2/2015 2:59:59 AM

Subject:
CN=ReSoft LTD., O=ReSoft LTD., STREET=4th Hanevi'im, L=Tel Aviv, S=Israel, PostalCode=64356, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
51FA31336CEC649121E9A908289950D2

File PE Metadata
Compilation timestamp:
2/17/2013 9:00:50 AM

OS version:
6.2

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.10

CTPH (ssdeep):
12288:vtey9032ejcczsH3vcvl52z82q/siuhC+rZWz+6i:cy82e4czkUNyy/+hCEQ/i

Entry address:
0x6926

Entry point:
E8, 06, 08, 00, 00, E9, 0D, FE, FF, FF, CC, CC, CC, CC, CC, 3B, 0D, 00, 80, 40, 00, 75, 03, C2, 00, 00, E9, 05, 00, 00, 00, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 81, EC, 24, 03, 00, 00, A3, 20, 87, 40, 00, 89, 0D, 1C, 87, 40, 00, 89, 15, 18, 87, 40, 00, 89, 1D, 14, 87, 40, 00, 89, 35, 10, 87, 40, 00, 89, 3D, 0C, 87, 40, 00, 66, 8C, 15, 38, 87, 40, 00, 66, 8C, 0D, 2C, 87, 40, 00, 66, 8C, 1D, 08, 87, 40, 00, 66, 8C, 05, 04, 87, 40, 00, 66, 8C, 25, 00, 87, 40, 00, 66, 8C, 2D, FC, 86, 40, 00, 9C, 8F, 05, 30...
 
Entropy:
7.7822  (probably packed)

Code size:
25.5 KB (26,112 bytes)

The file Smartbar.Installer.Mini.exe has been seen being distributed by the following URL.
