home

smrts.exe

Sailor Project

This potentially unwanted Internet browser extension is built upon and distributed using the free Crossrider platform and will deliver advertisements to the web browser in various formats such as banner, text hyper-links, inline text and transitional ads. The application smrts.exe by Sailor Project has been detected as adware by 3 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from dmrm038s4vkzd.cloudfront.net and multiple other hosts. It is distributed as part of the Brightcircle group of browser-extensions.
Publisher:
Sailor Project  (signed and verified)

Description:
Cjfbnvmxp

Version:
7.9.1.3

MD5:
5f4e4ca9352982687eafbd14ee7edc5e

SHA-1:
16792f1cd68dce055668429fe5f2bb963209506c

SHA-256:
675e70253c3fb905803bebdecbddd5731663ab4f474e5ef5d14478772d77b36c

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
11/23/2024 5:13:25 AM UTC  (today)

Scan engine
Detection
Engine version

Clam AntiVirus
Win.Adware.Agent-6597
0.98/21411

IKARUS anti.virus
PUA.PlusHD
t3scan.1.6.1.0

Reason Heuristics
PUP.SailorProject.F
14.7.28.4

File size:
7.8 MB (8,145,568 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\smrts.exe

Digital Signature
Signed by:
Sailor Project

Authority:
COMODO CA Limited

Valid from:
7/18/2014 1:00:00 AM

Valid to:
7/19/2015 12:59:59 AM

Subject:
CN=Sailor Project, O=Sailor Project, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
47C5F145C734CD3D086C0A102176F0A1

File PE Metadata
Compilation timestamp:
12/4/2012 1:55:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
196608:lmHwwgF9tM0yE1gDjg1iyIV0VyCvu/9dr1l0K1Pr4WwL6pI:lEwwu9Jy0gDjg1iDV0Vnvu1d5GeXO

Entry address:
0x4323

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 44, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 44, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 44, 00, 56, A3, 40, 3B, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 3B, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 44, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 
[+]

Entropy:
7.9985  (probably packed)

Code size:
34.5 KB (35,328 bytes)

The file smrts.exe has been seen being distributed by the following 3 URLs.

http://dmrm038s4vkzd.cloudfront.net/cl/inst/bundles/SmartSaverPlus/.../smrts.exe

http://d3ijsb1ryk5jd8.cloudfront.net/cl/inst/bundles/SmartSaverPlus/.../smrts.exe

http://d1pg43ots40sgg.cloudfront.net/bundle/SmartSaverPlus/.../smrts.exe

Remove smrts.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.