home

smartrewriterpro.exe

Smartbyte

The executable smartrewriterpro.exe, “SmartRewriterPro 8.87 Installation ” has been detected as malware by 8 anti-virus scanners. This is a setup and installation application, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from sbfactory.ru.
Publisher:
Smartbyte

Description:
SmartRewriterPro 8.87 Installation

Version:
8.87

MD5:
7e33abdf12f33462e6b14bc1fcd3b7da

SHA-1:
b073bc97efdf723dd4ba6d8628072236efb812dd

SHA-256:
357384e14f441b05f8fcfcc014956c2d8e96a47dfb0126a4871564200faec107

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
12/27/2024 11:18:01 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Buzy.939.10
8.3.2.4

avast!
Win32:Malware-gen
2014.9-160126

IKARUS anti.virus
Trojan.Buzy
t3scan.1.9.5.0

McAfee
Artemis!7E33ABDF12F3
5600.6509

Qihoo 360 Security
Win32/Trojan.799
1.0.0.1077

Rising Antivirus
PE:Malware.Generic/QRS!1.9E2D [F]
23.00.65.16124

Trend Micro
TROJ_GEN.R002C0OLE15
10.465.26

VIPRE Antivirus
Trojan.Win32.Generic
45876

File size:
1.2 MB (1,301,038 bytes)

Copyright:
Smartbyte

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\smartrewriterpro.exe

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:juIIz/sAS382am4HuSb/ePO8cHY1cnrq2Op3T3k7i7RFVcqEU/74IRw6Fbodcn:juIl8wHPOfHY1cnG2Op3TUm7SKEINog

Entry address:
0x17D98

Entry point:
55, 8B, EC, 83, C4, F0, B8, D0, 7C, 41, 00, E8, 38, AB, FE, FF, B8, F8, 7D, 41, 00, E8, 3E, 18, FF, FF, 8B, 15, AC, 86, 41, 00, 89, 02, 8B, 15, AC, 86, 41, 00, 8B, 12, A1, B0, 86, 41, 00, E8, 80, D5, FF, FF, 8B, 15, AC, 86, 41, 00, 8B, 12, A1, 50, 86, 41, 00, E8, 82, 71, FF, FF, A1, AC, 86, 41, 00, E8, 30, 0A, FF, FF, E8, 53, 9B, FE, FF, 00, 00, 00, FF, FF, FF, FF, 01, 00, 00, 00, 2A, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 32, 13, 8B, C0, 00, 8D, 40, 00, 00, 8D, 40, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
91.5 KB (93,696 bytes)

The file smartrewriterpro.exe has been seen being distributed by the following URL.

http://sbfactory.ru/.../Smartrewriterpro.exe

Remove smartrewriterpro.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.