smartweb.exe

SmartWeb

SoftBrain Technologies Ltd.

The application smartweb.exe, “SoftBrain Technologies Ltd. - Price Comparison” by SoftBrain Technologies has been detected as a potentially unwanted program by 19 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modify the browser's search and home pages. The file has been seen being downloaded from www.smart-web.me.
Publisher:
SoftBrain Technologies Ltd.  (signed and verified)

Product:
SmartWeb

Description:
SoftBrain Technologies Ltd. - Price Comparison

Version:
8.0.6.2

MD5:
d836989adf200468750b0d1ff5c520c4

SHA-1:
6bf419257a263a4b94b681ff0f9a81086d59d1cf

SHA-256:
a4f069401e71050c51f1bcc3646e2cbcd790fe38fb7d8e8f89a7689ff03e4138

Scanner detections:
19 / 68

Status:
Potentially unwanted

Explanation:
Displays offers (for product and services) of certain deals related to the search terms or context of a webpage which are popups outside the normal browser content.

Analysis date:
12/24/2024 2:10:53 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.SearchProtect.BE
722

Avira AntiVirus
ADWARE/Adware.Gen7
7.11.209.128

AVG
Generic
2016.0.3200

Baidu Antivirus
PUA.Win32.PriceGong
4.0.3.15213

Bitdefender
Application.SearchProtect.BE
1.0.20.220

ESET NOD32
Win32/PriceGong.C potentially unwanted (variant)
9.11157

F-Secure
Application.SearchProtect.BE
11.2015-13-02_6

G Data
Application.SearchProtect.BE
15.2.25

IKARUS anti.virus
PUA.PriceGong
t3scan.1.8.6.0

K7 AntiVirus
Unwanted-Program
13.194.14930

Kaspersky
not-a-virus:AdWare.Win32.Agent
14.0.0.2493

Malwarebytes
PUP.Optional.SmartWeb.A
v2015.02.13.08

McAfee
Artemis!D836989ADF20
5600.6856

MicroWorld eScan
Application.SearchProtect.BE
16.0.0.132

Panda Antivirus
Generic Suspicious
15.02.13.08

Reason Heuristics
PUP.Installer.SoftBrainTechnologies
15.4.24.0

Sophos
Generic PUA GL
4.98

Trend Micro House Call
Suspicious_GEN.F47V0114
7.2.44

Vba32 AntiVirus
AdWare.Agent
3.12.26.3

File size:
740.1 KB (757,864 bytes)

Product version:
8.0.6

Copyright:
SoftBrain Technologies Ltd.

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\smartweb.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/24/2014 12:00:00 AM

Valid to:
2/24/2015 11:59:59 PM

Subject:
CN=SoftBrain Technologies Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SoftBrain Technologies Ltd., L=Or Yehuda, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
53F07650CBBFA5BC97F5276104D31164

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:zwU0j+mD3dix402BYGUCT7/Dnk22Rrs6wSsfkg5ChbTeL0j+m1PCdK2N:UU+DtCo77A2IrsH5ChbTI+18L

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9606

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file smartweb.exe has been seen being distributed by the following URL.

Remove smartweb.exe - Powered by Reason Core Security