whitesmoke.exe

Montiera Technologies LTD

It is part of the Montiera web browser toolbar monetization platform which injects browser search and advertising within the user's web browser. The application whitesmoke.exe by Montiera Technologies has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Whitesmoke Search Protect by WhiteSmoke which is a potentially unwanted software program.
Publisher:
Pay By Ads LTD  (signed by Montiera Technologies LTD)

Version:
1.3.0.0

MD5:
1447ec925e8c43d6716529cf4fd0179c

SHA-1:
8e7f327a8aa50bc0d4eea2e9cab88f3de8bf0675

SHA-256:
4f1a7cb78962c4277d3599e0c7727bda6b4f2d596abbd28fe0346a37cc32744d

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/24/2024 2:13:22 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Montiera (M)
16.9.4.7

File size:
502.9 KB (514,952 bytes)

Copyright:
All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\whitesmoke\whitesmoke\1.3.12.5\whitesmoke.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/22/2014 8:00:00 PM

Valid to:
7/23/2015 7:59:59 PM

Subject:
CN=Montiera Technologies LTD, O=Montiera Technologies LTD, STREET=Harbert Samuel 46, L=Tel Aviv, S=Gush Dan, PostalCode=6330303, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00CCD3CD85F8C32F5C3FF9264E1A57C07D

File PE Metadata
Compilation timestamp:
8/31/2014 1:26:56 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:c0ub9M6e+qYhIpZJ3h197jtNrn1NFKl6jmpr+IFIBobx4/3:kkb91TNFKl6jIFIBd/

Entry address:
0x3E6DE

Entry point:
E8, 4E, 84, 00, 00, E9, 89, FE, FF, FF, B8, 76, 76, 44, 00, A3, E0, F9, 46, 00, C7, 05, E4, F9, 46, 00, 6C, 6D, 44, 00, C7, 05, E8, F9, 46, 00, 20, 6D, 44, 00, C7, 05, EC, F9, 46, 00, 59, 6D, 44, 00, C7, 05, F0, F9, 46, 00, C2, 6C, 44, 00, A3, F4, F9, 46, 00, C7, 05, F8, F9, 46, 00, EE, 75, 44, 00, C7, 05, FC, F9, 46, 00, DE, 6C, 44, 00, C7, 05, 00, FA, 46, 00, 40, 6C, 44, 00, C7, 05, 04, FA, 46, 00, CC, 6B, 44, 00, C3, 8B, FF, 55, 8B, EC, E8, 96, FF, FF, FF, 83, 7D, 08, 00, 74, 05, E8, 5F, 8F, 00, 00, DB...
 
[+]

Entropy:
6.2754

Code size:
346 KB (354,304 bytes)

The file whitesmoke.exe has been discovered within the following program.

Whitesmoke Search Protect  by WhiteSmoke
82% remove it
 
Powered by Should I Remove It?

Remove whitesmoke.exe - Powered by Reason Core Security