snapdo.exe

ReSoft LTD.

The application snapdo.exe by ReSoft has been detected as adware by 14 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Browser Infrastructure Helper’. Additionally, the file is typically installed by a number of programs including Snap.Do by ReSoft Ltd. and Snap.Do Engine by ReSoft Ltd., both potentially unwanted software.
Publisher:
Smartbar  (signed by ReSoft LTD.)

Product:
Smartbar

Version:
10.242.1.13535

MD5:
70c220a554f90e533796d20a55d60529

SHA-1:
e2a30e6f1cb226b297f90e91a86882884fa0cf17

SHA-256:
e0a9907f20a50fef9356e83bf1f52395008a7f9fc9ab109bf048ec3ba0378393

Scanner detections:
14 / 68

Status:
Adware

Analysis date:
12/26/2024 1:51:45 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Trash.Gen
7.11.30.172

avast!
Win32:SmartBar-A [PUP]
141119-1

Bkav FE
W32.Clodced.Trojan
1.3.0.4613

Boost by Reason
Optional.Startup.ReSoft.G
188838

Dr.Web
Adware.Linkury.1
9.0.1.05190

Emsisoft Anti-Malware
Gen:Adware.Heur.bm1@gfc1X4k
9.0.0.4570

ESET NOD32
Win32/Toolbar.Linkury.A potentially unwanted application
7.0.302.0

herdProtect (fuzzy)
2013.12.28.13

IKARUS anti.virus
PUA.Linkury
t3scan.1.6.1.0

McAfee
Artemis!94F89BD2D309
5600.7273

Reason Heuristics
PUP.Startup.ReSoft.G
14.8.8.1

SUPERAntiSpyware
Trojan.Agent/Gen-Nullo[Short]
10435

Trend Micro House Call
TROJ_GEN.F47V1114
7.2.357

VIPRE Antivirus
Adware.Linkury
23846

File size:
20.5 KB (21,024 bytes)

Product version:
10.242.1.13535

Original file name:
Smartbar.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\Application data\smartbar\application\snapdo.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/1/2013 7:00:00 AM

Valid to:
8/2/2015 6:59:59 AM

Subject:
CN=ReSoft LTD., O=ReSoft LTD., STREET=4th Hanevi'im, L=Tel Aviv, S=Israel, PostalCode=64356, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
51FA31336CEC649121E9A908289950D2

File PE Metadata
Compilation timestamp:
11/17/2013 4:57:59 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:G+bUx3jS87wkSFyPELP5+yVIldORoDkmVamEt92Zw3GIL2o46nhCxYPLg8Jadn:pbW32nMatmA97GIM6MEgd

Entry address:
0x4D7E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.3631

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
11.5 KB (11,776 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Browser Infrastructure Helper

Command:
C:\Documents and Settings\{user}\Application data\smartbar\application\snapdo.exe startup


The file snapdo.exe has been discovered within the following programs.

Snap.Do  by ReSoft Ltd.
Snap.Do is a web browser addin/toolbar (depending on the browser it is installed within) that plugs into all the major web browsers including Internet Explorer, Chrome and Firefox. Snap.
snap.do
85% remove it
Snap.Do Engine  by ReSoft Ltd.
Snap.
83% remove it
 
Powered by Should I Remove It?

Remove snapdo.exe - Powered by Reason Core Security