snapdo.exe

ReSoft LTD.

The application snapdo.exe by ReSoft has been detected as adware by 13 anti-malware scanners. It is set to start automatically when a user logs into Windows, via the current user's Run registry key, under the display name ‘Browser Infrastructure Helper’. The file is typically installed with the program Snap.Do by ReSoft Ltd., which is a potentially unwanted software program. While running, it connects to the Internet address bzq-179-18-159.static.bezeqint.net on port 8080.
Publisher:
Smartbar  (signed by ReSoft LTD.)

Product:
Smartbar

Version:
10.157.1.12889

MD5:
b5a8d3b1d824f202216f1151310dfaa3

SHA-1:
3c956c9fd549c9881e0802287d8b4acd011a7ee5

SHA-256:
733755bfcb9fce91c348cf8340c9b05681b970c964f28b7068e2266024792504

Scanner detections:
13 / 68

Status:
Adware

Analysis date:
12/25/2024 1:36:47 PM UTC

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Trash.Gen
7.11.30.172

avast!
Win32:SmartBar-A [PUP]
2014.9-140808

Bkav FE
W32.Clodced.Trojan
1.3.0.4613

Boost by Reason
Optional.Startup.ReSoft.G
188838

Dr.Web
Adware.Linkury.1
9.0.1.0364

ESET NOD32
Win32/Toolbar.Linkury (variant)
7.9190

herdProtect (fuzzy)
2013.12.26.0

IKARUS anti.virus
PUA.Linkury
t3scan.1.6.1.0

McAfee
Artemis!94F89BD2D309
5600.7266

Reason Heuristics
PUP.Startup.ReSoft.G
14.8.8.1

SUPERAntiSpyware
Trojan.Agent/Gen-Nullo[Short]
10435

Trend Micro House Call
TROJ_GEN.F47V1114
7.2.364

VIPRE Antivirus
Adware.Linkury
23846

File size:
21 KB (21,536 bytes)

Product version:
10.157.1.12889

Original file name:
Smartbar.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\smartbar\application\snapdo.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/1/2013 3:00:00 AM

Valid to:
8/2/2015 2:59:59 AM

Subject:
CN=ReSoft LTD., O=ReSoft LTD., STREET=4th Hanevi'im, L=Tel Aviv, S=Israel, PostalCode=64356, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
51FA31336CEC649121E9A908289950D2

File PE Metadata
Compilation timestamp:
10/24/2013 2:01:48 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:rwbUx3jS87wkSFyPELe5+yVIldORoDkmVamEt92Zw34IL/s0DnhCxYPLg8JT:0bW32nMa8mA974IVDMEd

Entry address:
0x4E0E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.2553

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
12 KB (12,288 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Browser Infrastructure Helper

Command:
C:\users\{user}\appdata\local\smartbar\application\snapdo.exe startup


The file snapdo.exe has been discovered within the following program.

Snap.Do  by ReSoft Ltd.
Snap.Do is a web browser add-in/toolbar (depending on the browser it is installed in) that plugs into all the major web browsers, including Internet Explorer, Chrome and Firefox. Snap.
snap.do
85% remove it

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to bzq-179-18-159.static.bezeqint.net  (212.179.18.159:8080)
