Smartbar.Personalization.ServicesPlugins.DMP.dll

DefaultMailProvider

ReSoft LTD.

This is part of the Linkury/SnapDo monetization software, a web browser toolbar used to hijack a user's search in order to collect revenues. The SmartBar is a a potentially unwanted toolbar and Windows Gadget that is advertising supported (adware). The module Smartbar.Personalization.ServicesPlugins.DMP.dll by ReSoft has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Microsoft  (signed by ReSoft LTD.)

Product:
DefaultMailProvider

Version:
1.2.0.0

MD5:
ca2db50d6b37f9813e2138e2cf82e42c

SHA-1:
25ae3104290576e33c3c0f5bcc7ba926a227f21e

SHA-256:
1160ed2ee1aab6e56cfe82e01f5800e3ee4a12af243b0d93c4206efe34061948

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/26/2024 10:13:04 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Resoft (M)
17.3.15.11

File size:
14 KB (14,336 bytes)

Product version:
1.2.0.0

Copyright:
Copyright © Microsoft 2010

Original file name:
Smartbar.Personalization.ServicesPlugins.DMP.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\smartbar\common\servicesplugins\smartbar.personalization.servicesplugins.dmp.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/30/2012 2:00:00 AM

Valid to:
7/31/2013 1:59:59 AM

Subject:
CN=ReSoft LTD., O=ReSoft LTD., STREET=4th Hanevi'im, L=Tel Aviv, S=Israel, PostalCode=64356, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
7ABDE829D4244ADA77EE42C7A70C0FA3

File PE Metadata
Compilation timestamp:
3/14/2013 11:51:53 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x314E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
4.5 KB (4,608 bytes)