» smartwebinstaller.exe
Overview
Analysis
File Details
Downloads (1)

smartwebinstaller.exe

SmartWeb

SoftBrain Technologies Ltd.

The application smartwebinstaller.exe, “SoftBrain Technologies Ltd. - Price Comparison” by SoftBrain Technologies has been detected as a potentially unwanted program by 6 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from inst.smart-web.me.

File name:

Publisher:

SoftBrain Technologies Ltd. (signed and verified)

Product:

SmartWeb

Description:

SoftBrain Technologies Ltd. - Price Comparison

Version:

8.0.8.1

MD5:

45a2d5f335e17e8fe30a9b2ece57da54

SHA-1:

26b272a2e8c583cb6f7fcc087b260cd0fa94b279

SHA-256:

87a789734cdc1b26646d4edf0afcde7d2521c7dc3d61f068c6fd8c5411acc561

Scanner detections:

6 / 68

Status:

Potentially unwanted

Explanation:

Displays offers (for product and services) of certain deals related to the search terms or context of a webpage which are popups outside the normal browser content.

Analysis date:

11/27/2024 3:02:09 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADWARE/Adware.Gen7

7.11.207.112

Baidu Antivirus

PUA.Win32.PriceGong

4.0.3.1525

ESET NOD32

Win32/PriceGong.C potentially unwanted (variant)

9.11126

IKARUS anti.virus

PUA.PriceGong

t3scan.1.8.6.0

Malwarebytes

PUP.Optional.SmartWeb.A

v2015.02.05.01

Reason Heuristics

PUP.Installer.SoftBrainTechnologies

15.4.24.0

File size:

738.9 KB (756,656 bytes)

Product version:

8.0.8

SoftBrain Technologies Ltd.

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\smartwebinstaller.exe

Digital Signature

Signed by:

SoftBrain Technologies Ltd.

Authority:

Symantec Corporation

Valid from:

1/12/2015 7:00:00 PM

Valid to:

3/13/2016 7:59:59 PM

Subject:

CN=SoftBrain Technologies Ltd., O=SoftBrain Technologies Ltd., L=Or Yehuda, S=Israel, C=IL

Issuer:

CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

0E056BE2C82AF2FAD3F0D3BD43387AB2

File PE Metadata

Compilation timestamp:

12/5/2009 5:50:52 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:bXe5SI7fWU9NN7/IgmierM8UCT7/DnkTKN1W5O+nXRbECt+FwIvnFBEYSI7fWU9F:je5nzWUzyh4877Au2L1UwcFBEYnzWUzL

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.9615

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

The file smartwebinstaller.exe has been seen being distributed by the following URL.

http://inst.smart-web.me/inst/.../SmartWebInstaller.exe

Remove smartwebinstaller.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.