Smartbar.Personalization.ServicesPlugins.WordPlugin.dll

WordPlugin

PINWID LTD

This is part of the Linkury/SnapDo monetization software, a web browser toolbar used to hijack a user's search in order to collect revenues. The SmartBar is a a potentially unwanted toolbar and Windows Gadget that is advertising supported (adware). The module Smartbar.Personalization.ServicesPlugins.WordPlugin.dll by PINWID has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
xxx  (signed by PINWID LTD)

Product:
WordPlugin

Version:
1.2.0.0

MD5:
0fd7df0ecf2bdd176be3d13d38a7cc0a

SHA-1:
80ffdf5dd492fd2bf6953ab98e744329a867821e

SHA-256:
f0c1b0a2cda994c011f728a013842d21a3ba9fcae5985a54f2fc46ba687bb1a4

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/24/2024 4:38:47 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Resoft (M)
16.11.24.13

File size:
25 KB (25,624 bytes)

Product version:
1.2.0.0

Copyright:
Copyright © xxx 2010

Original file name:
Smartbar.Personalization.ServicesPlugins.WordPlugin.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\smartbar\common\servicesplugins\smartbar.personalization.servicesplugins.wordplugin.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/12/2014 9:00:00 PM

Valid to:
8/13/2015 8:59:59 PM

Subject:
CN=PINWID LTD, OU=514841295, O=PINWID LTD, STREET=14 Shenkar Arie, L=HERZLIYA, S=TLV, PostalCode=4672514, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009956EF23AED48987569DC3E7434BBB19

File PE Metadata
Compilation timestamp:
8/19/2014 1:02:30 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:ZDkPvY+ElvrmX7T+hUosyTYvm4xdYF1tMIvp/oTM+nhCxYPLg8fn0U:ZDktElzmm6BzIMIBATM+MEf9

Entry address:
0x5E6E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
16 KB (16,384 bytes)