SmarterPower.FirstRun.exe

FirstRun

SmarterPower

The Yontoo branded FirstRun executable is distributed as part of a Yontoo product bundle and is desigend to install components of this ad-supported (injection) program as well as 'call home' to inform the server that the extension was installed and may request additional instructions. The application SmarterPower.FirstRun.exe by SmarterPower has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
SmarterPower  (signed and verified)

Product:
FirstRun

Version:
1.0.0.0

MD5:
2dc36d0e0db04721654f6856681e88a7

SHA-1:
027b74ff6406e978a4a6c7eea6b4eaf7c3186eaf

SHA-256:
943d6d0835dddc2e002ab6ccf4930d48cc6dba40ee4e1decbf8c156bb20bf913

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Yontoo ad injection web browser add-on.

Analysis date:
12/23/2024 11:22:46 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Yontoo (M)
17.2.26.23

File size:
1.1 MB (1,123,576 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Original file name:
SmarterPower.FirstRun.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\smarterpower\smarterpower.firstrun.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
8/4/2014 9:00:00 PM

Valid to:
8/5/2015 8:59:59 PM

Subject:
CN=SmarterPower, O=SmarterPower, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
38D7C83A73CB4E3AC85648608E3170D8

File PE Metadata
Compilation timestamp:
9/7/2014 7:29:48 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x1121EA

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 3C, 03, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 50, 00, 00, 00, 5C, 40, 11, 00, E0, 02, 00, 00, 00, 00, 00, 00, E0, 02, 34, 00, 00, 00, 56, 00, 53, 00, 5F, 00, 56, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.1 MB (1,114,624 bytes)

Remove SmarterPower.FirstRun.exe - Powered by Reason Core Security