home

smartrewriteractivation.exe

The executable smartrewriteractivation.exe has been detected as malware by 8 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from sbfactory.ru.
MD5:
8995fc49fad93f9478a8aeaefef40ae9

SHA-1:
b83e32d3fc8957b8878fb5c006d245519a78e4b3

SHA-256:
9ea178d04e011b85b495dcf0be7f4afc648262c011dbe41e209ad16f2d86c443

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
11/5/2024 12:39:54 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Rogue.907264.5
8.3.2.4

avast!
Win32:Malware-gen
2014.9-160126

F-Prot
W32/A-6cce27ac
v6.4.7.1.166

G Data
Win32.Trojan.Agent.UJ9OK1
16.1.25

IKARUS anti.virus
Trojan.SuspectCRC
t3scan.1.9.5.0

McAfee
RDN/Generic.dx!drf
5600.6509

Qihoo 360 Security
HEUR/QVM05.1.Malware.Gen
1.0.0.1077

VIPRE Antivirus
Trojan.Win32.Generic
45376

File size:
886 KB (907,264 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\smartrewriteractivation.exe

File PE Metadata
Compilation timestamp:
12/12/2014 11:00:52 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:UUWAr0/jTUY11afz6e6JsYWW+F+zFTB0gYSsxieopbrjhAgBGS1EBKBO+Y8xTVj7:+AS511gb6i+zbLYSdpt7BGS12KB7Qwm

Entry address:
0xBAC48

Entry point:
55, 8B, EC, 83, C4, F0, B8, F4, 46, 4B, 00, E8, F8, F2, F4, FF, A1, 7C, D3, 4B, 00, 8B, 00, E8, D0, 6F, FF, FF, A1, 7C, D3, 4B, 00, 8B, 00, B2, 01, E8, FE, 8C, FF, FF, 8B, 0D, A4, D4, 4B, 00, A1, 7C, D3, 4B, 00, 8B, 00, 8B, 15, DC, 3D, 4B, 00, E8, C2, 6F, FF, FF, A1, 7C, D3, 4B, 00, 8B, 00, E8, 06, 71, FF, FF, E8, FD, B1, F4, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
740.5 KB (758,272 bytes)

The file smartrewriteractivation.exe has been seen being distributed by the following URL.

http://sbfactory.ru/.../SmartRewriterActivation.exe

Remove smartrewriteractivation.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.