» smartweb.exe
Overview
Analysis
File Details
Downloads (1)

smartweb.exe

SmartWeb

SoftBrain Technologies Ltd.

The application smartweb.exe, “SoftBrain Technologies Ltd. - Price Comparison” by SoftBrain Technologies has been detected as a potentially unwanted program by 19 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modify the browser's search and home pages. The file has been seen being downloaded from www.smart-web.me.

File name:

smartweb.exe

Publisher:

SoftBrain Technologies Ltd. (signed and verified)

Product:

SmartWeb

Description:

SoftBrain Technologies Ltd. - Price Comparison

Version:

8.0.6.2

MD5:

d836989adf200468750b0d1ff5c520c4

SHA-1:

6bf419257a263a4b94b681ff0f9a81086d59d1cf

SHA-256:

a4f069401e71050c51f1bcc3646e2cbcd790fe38fb7d8e8f89a7689ff03e4138

Scanner detections:

19 / 68

Status:

Potentially unwanted

Explanation:

Displays offers (for product and services) of certain deals related to the search terms or context of a webpage which are popups outside the normal browser content.

Analysis date:

11/23/2024 7:58:36 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.SearchProtect.BE

722

Avira AntiVirus

ADWARE/Adware.Gen7

7.11.209.128

AVG

Generic

2016.0.3200

Baidu Antivirus

PUA.Win32.PriceGong

4.0.3.15213

Bitdefender

Application.SearchProtect.BE

1.0.20.220

ESET NOD32

Win32/PriceGong.C potentially unwanted (variant)

9.11157

F-Secure

Application.SearchProtect.BE

11.2015-13-02_6

G Data

Application.SearchProtect.BE

15.2.25

IKARUS anti.virus

PUA.PriceGong

t3scan.1.8.6.0

K7 AntiVirus

Unwanted-Program

13.194.14930

Kaspersky

not-a-virus:AdWare.Win32.Agent

14.0.0.2493

Malwarebytes

PUP.Optional.SmartWeb.A

v2015.02.13.08

McAfee

Artemis!D836989ADF20

5600.6856

MicroWorld eScan

Application.SearchProtect.BE

16.0.0.132

Panda Antivirus

Generic Suspicious

15.02.13.08

Reason Heuristics

PUP.Installer.SoftBrainTechnologies

15.4.24.0

Sophos

Generic PUA GL

4.98

Trend Micro House Call

Suspicious_GEN.F47V0114

7.2.44

Vba32 AntiVirus

AdWare.Agent

3.12.26.3

File size:

740.1 KB (757,864 bytes)

Product version:

8.0.6

SoftBrain Technologies Ltd.

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\smartweb.exe

Digital Signature

Signed by:

SoftBrain Technologies Ltd.

Authority:

VeriSign, Inc.

Valid from:

2/24/2014 12:00:00 AM

Valid to:

2/24/2015 11:59:59 PM

Subject:

CN=SoftBrain Technologies Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SoftBrain Technologies Ltd., L=Or Yehuda, S=Israel, C=IL

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

53F07650CBBFA5BC97F5276104D31164

File PE Metadata

Compilation timestamp:

12/5/2009 10:50:52 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:zwU0j+mD3dix402BYGUCT7/Dnk22Rrs6wSsfkg5ChbTeL0j+m1PCdK2N:UU+DtCo77A2IrsH5ChbTI+18L

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.9606

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

The file smartweb.exe has been seen being distributed by the following URL.

http://www.smart-web.me/

Remove smartweb.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.