smartbar.installer.mini.exe

Windows Internet Explorer

This is part of the Linkury/SnapDo monetization software, a web browser toolbar used to hijack a user's search in order to collect revenues. The SmartBar is a a potentially unwanted toolbar and Windows Gadget that is advertising supported (adware). While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The application smartbar.installer.mini.exe, “Win32 Cabinet Self-Extractor ” has been detected as a potentially unwanted program by 7 anti-malware scanners. This is a setup program which is used to install the application.
Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Windows® Internet Explorer

Description:
Win32 Cabinet Self-Extractor

Version:
10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)

MD5:
c6a0952365c43fe24775e1ce22f5fba0

SHA-1:
a81c68264a18b8d43557e868b953330f452a7611

SHA-256:
975b05dfa428addd9a09322bc29fc4d0baa5614955c5fd91af45b00e436fa7bd

Scanner detections:
7 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 12:31:20 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Adware-gen [Adw]
2014.9-130815

ESET NOD32
MSIL/Toolbar.Linkury
7.8916

IKARUS anti.virus
Win32.AdWare
t3scan.2.0.127

McAfee
Artemis!2DB8328ABEF8
5600.7270

MicroWorld eScan
Trojan.Generic.9649608
14.0.0.990

Trend Micro House Call
TROJ_GEN.R0CBOH0IO13
7.2.227

VIPRE Antivirus
Adware.Linkury
22388

File size:
458 KB (468,992 bytes)

Product version:
10.00.9200.16521

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
WEXTRACT.EXE .MUI

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\smartbar.installer.mini.exe

File PE Metadata
Compilation timestamp:
2/16/2013 11:00:50 PM

OS version:
6.2

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.10

CTPH (ssdeep):
6144:pjtSdp0yN90QExBUgfZ+NMPfERs+5vDid6tt0FJUA+CvFs/qa2D7uLzTtDDC:Nthy90Jks+jt6DUA56/f2/G/RD

Entry address:
0x6926

Entry point:
E8, 06, 08, 00, 00, E9, 0D, FE, FF, FF, CC, CC, CC, CC, CC, 3B, 0D, 00, 80, 40, 00, 75, 03, C2, 00, 00, E9, 05, 00, 00, 00, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 81, EC, 24, 03, 00, 00, A3, 20, 87, 40, 00, 89, 0D, 1C, 87, 40, 00, 89, 15, 18, 87, 40, 00, 89, 1D, 14, 87, 40, 00, 89, 35, 10, 87, 40, 00, 89, 3D, 0C, 87, 40, 00, 66, 8C, 15, 38, 87, 40, 00, 66, 8C, 0D, 2C, 87, 40, 00, 66, 8C, 1D, 08, 87, 40, 00, 66, 8C, 05, 04, 87, 40, 00, 66, 8C, 25, 00, 87, 40, 00, 66, 8C, 2D, FC, 86, 40, 00, 9C, 8F, 05, 30...
 
[+]

Entropy:
7.7555  (probably packed)

Code size:
25.5 KB (26,112 bytes)

The file smartbar.installer.mini.exe has been seen being distributed by the following URL.

Remove smartbar.installer.mini.exe - Powered by Reason Core Security