» smia64.exe
Overview
Analysis
File Details
Programs (1)

smia64.exe

Smartbar.Monetization.InjectApp

VERISTAFF.COM LTD

This is part of the Linkury/SnapDo monetization software, a web browser toolbar used to hijack a user's search in order to collect revenues. The SmartBar is a a potentially unwanted toolbar and Windows Gadget that is advertising supported (adware). The application smia64.exe by VERISTAFF.COM has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program LPT System Updater Service by Linkury Ltd. which is a potentially unwanted software program.

File name:

smia64.exe

Publisher:

VERISTAFF.COM LTD (signed and verified)

Product:

Smartbar.Monetization.InjectApp

Version:

1.0.0.0

MD5:

a623841bf27aab079e674ddd54704d71

SHA-1:

abd4eb08c4905e60c372a9650d2280ca4c74ce5e

SHA-256:

833c68c42bb6154e1537478dc4ff0ec27fcf72e96aafb82d1b49e94584e00d6f

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

11/23/2024 6:02:59 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.Smartbar (M)

17.1.29.18

File size:

17 KB (17,424 bytes)

Product version:

1.0.0.0

Original file name:

smia.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\lpt\smia64.exe

Digital Signature

Signed by:

VERISTAFF.COM LTD

Authority:

COMODO CA Limited

Valid from:

9/14/2014 12:00:00 PM

Valid to:

9/15/2015 11:59:59 AM

Subject:

CN=VERISTAFF.COM LTD, OU=514841295, O=VERISTAFF.COM LTD, STREET=Shenkar 14, L=Hertzlya, S=TLV, PostalCode=4672514, C=IL

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

2AF13BF1274B91869E8E8BA9B16282CA

File PE Metadata

Compilation timestamp:

11/19/2014 2:16:37 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

11.0

.NET CLR dependent:

Yes

Entry address:

0x3B1E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.4716

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

7 KB (7,168 bytes)

The file smia64.exe has been discovered within the following program.

LPT System Updater Service by Linkury Ltd.

This is a potentially unwanted web browser extension this is distributed and installed by PINWID LTD, ReSoft LTD., MY POP SHOP LTD and Linkury. It will display advertisements including banners and popups in the user's web browser.

81% remove it

Remove smia64.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.