smilebarupdater.exe

Vladimir Melnichenok

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘SmileBarUpdater’.

Publisher:
Vladimir Melnichenok (signed and verified)

MD5:
aa967d3496a15ae116d8a32b24596cce

SHA-1:
eb1e2cf3bb544eb49b20ee49a7c9fef7196b246e

SHA-256:
195c3048d4d3a832581e9b6e3e6e013ff4b79c18ab792339cea9aa693c5aaf3a

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/14/2024 4:54:41 PM UTC  (today)

Scan engine:
Bkav FE

Detection:
W32.Clod519.Trojan

Engine version:
1.3.0.4959

File size:
18.4 KB (18,872 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\smilebar\smilebarupdater.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/14/2012 1:00:00 PM

Valid to:
3/15/2013 12:59:59 PM

Subject:
CN=Vladimir Melnichenok, O=Vladimir Melnichenok, STREET="21 A Komsomolskay Str,.", L="Kondopoga city,", S=Karelia, PostalCode=186220, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
47BD728022F366FAE2107A9F1907309C

File PE Metadata
Compilation timestamp:
9/9/2011 7:32:19 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
384:HLMBBUIGRVduP2xemKHLrykeek7iG2T2OYx6OnpU9VCxV8WLz:rMBBlGRVdIEezyk/k7ih2OUKo8Wz

Entry address:
0x25E8

Entry point:
E8, 79, 04, 00, 00, E9, 36, FD, FF, FF, 6A, 14, 68, 98, 34, 40, 00, E8, AE, 00, 00, 00, FF, 35, 54, 44, 40, 00, 8B, 35, D0, 30, 40, 00, FF, D6, 59, 89, 45, E4, 83, F8, FF, 75, 0C, FF, 75, 08, FF, 15, CC, 30, 40, 00, 59, EB, 61, 6A, 08, E8, DE, 04, 00, 00, 59, 83, 65, FC, 00, FF, 35, 54, 44, 40, 00, FF, D6, 89, 45, E4, FF, 35, 50, 44, 40, 00, FF, D6, 89, 45, E0, 8D, 45, E0, 50, 8D, 45, E4, 50, FF, 75, 08, E8, AD, 04, 00, 00, 89, 45, DC, FF, 75, E4, 8B, 35, B8, 30, 40, 00, FF, D6, A3, 54, 44, 40, 00, FF, 75...
Code size:
7.5 KB (7,680 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SmileBarUpdater

Command:
C:\Program Files\smilebar\smilebarupdater.exe


Scan smilebarupdater.exe - Powered by Reason Core Security