Smartbar.Personalization.ServicesPlugins.WordPlugin.dll

WordPlugin

ReSoft LTD.

This is part of the Linkury/SnapDo monetization software, a web browser toolbar used to hijack a user's search in order to collect revenues. The SmartBar is a a potentially unwanted toolbar and Windows Gadget that is advertising supported (adware). The module Smartbar.Personalization.ServicesPlugins.WordPlugin.dll by ReSoft has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
xxx  (signed by ReSoft LTD.)

Product:
WordPlugin

Version:
1.2.0.0

MD5:
1772f09070d036aa656e304f90f6efed

SHA-1:
83c307d4c50aceb88d94b7c6bc432a86b31eb091

SHA-256:
c317b6d77d23b1d2d12852eba1d77f5e46fe3445dd44840c0e11df39a6174640

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/26/2024 10:12:46 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Resoft (M)
17.3.15.11

File size:
14 KB (14,336 bytes)

Product version:
1.2.0.0

Copyright:
Copyright © xxx 2010

Original file name:
Smartbar.Personalization.ServicesPlugins.WordPlugin.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\smartbar\common\servicesplugins\smartbar.personalization.servicesplugins.wordplugin.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/30/2012 2:00:00 AM

Valid to:
7/31/2013 1:59:59 AM

Subject:
CN=ReSoft LTD., O=ReSoft LTD., STREET=4th Hanevi'im, L=Tel Aviv, S=Israel, PostalCode=64356, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
7ABDE829D4244ADA77EE42C7A70C0FA3

File PE Metadata
Compilation timestamp:
3/14/2013 11:51:53 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x327E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
5 KB (5,120 bytes)