Smartbar.Personalization.ServicesPlugins.CustomControl.dll

CustomControl

Veristaff. Com Ltd

This is part of the Linkury/SnapDo monetization software, a web browser toolbar used to hijack a user's search in order to collect revenues. The SmartBar is a a potentially unwanted toolbar and Windows Gadget that is advertising supported (adware). The module Smartbar.Personalization.ServicesPlugins.CustomControl.dll by Veristaff. Com has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Veristaff. Com Ltd  (signed and verified)

Product:
CustomControl

Version:
1.0.0.0

MD5:
1a0e5fe3351da3acebdf3fe271dc33fe

SHA-1:
c71390917f350a5aabdcf6e4501ef351ed3f1a64

SHA-256:
ba1c13007072ed3612eea224a96d1e768d6a11b54ce6dc913612d5d6de95239a

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/24/2024 1:07:37 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Resoft.VeristaffCom (M)
16.1.19.10

File size:
31.1 KB (31,864 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2013

Original file name:
Smartbar.Personalization.ServicesPlugins.CustomControl.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\smartbar\common\servicesplugins\smartbar.personalization.servicesplugins.customcontrol.dll

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
7/14/2014 8:37:25 AM

Valid to:
7/15/2015 8:37:25 AM

Subject:
CN=Veristaff. Com Ltd, O=Veristaff. Com Ltd, L=Herzliya, S=Herzliya, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121327C47596D5E76D675A39A539249C1B5

File PE Metadata
Compilation timestamp:
8/17/2014 7:36:00 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:eQ/O97WXz/O9AA/O9p8fSTJU1oqyB9623HMN/ID:eQ6WjPAA8qT21+B9Vd

Entry address:
0x7DCE

Entry point:
FF, 25, 00, 20, 00, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 10, 00, 00, 00, 18, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 30, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 48, 00, 00, 00, 58, 80, 00, 00, 78, 03...
 
[+]

Entropy:
7.1871

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
23.5 KB (24,064 bytes)