SmileFiles.exe

SmileFiles Installer

Webitar Production Inc

The file SmileFiles.exe by Webitar Production Inc has been detected as adware by 15 anti-malware scanners. It is also typically executed from the user's temporary directory.
Publisher:
http://smile-files.com  (signed by Webitar Production Inc)

Product:
SmileFiles Installer

Version:
1, 0, 510, 1

MD5:
f9d45acdf73feb8df8064bb7312e630c

SHA-1:
af56f77df25ee4df30557249d1afdf78dd27a3e9

SHA-256:
e87572da424c36eef24c07be6d9ff2d2290168faecec82452592d9a07b770827

Scanner detections:
15 / 68

Status:
Adware

Analysis date:
4/16/2024 3:25:32 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Strictor.79472 | 6764508 |
| AVG | Generic | 2016.0.3179 |
| Bitdefender | Gen:Variant.Strictor.79472 | 1.0.20.325 |
| Emsisoft Anti-Malware | Gen:Variant.Strictor.79472 | 9.0.0.4799 |
| ESET NOD32 | Win32/ExpressDownloader.K potentially unwanted application | 7.0.302.0 |
| F-Secure | Gen:Variant.Strictor.79472 | 5.13.68 |
| G Data | Gen:Variant.Strictor.79472 | 15.3.25 |
| K7 AntiVirus | Unwanted-Program | 13.200.15178 |
| Malwarebytes | PUP.Optional.SmileFiles.A | v2015.03.06.01 |
| Microsoft Security Essentials | Threat.Undefined | 1.193.1762.0 |
| MicroWorld eScan | Gen:Variant.Strictor.79472 | 16.0.0.195 |
| Panda Antivirus | Trj/Genetic.gen | 15.03.06.01 |
| Reason Heuristics | PUP.Installer.WebitarProduction | 15.3.6.1 |
| Sophos | PUA 'Smile Files Downloader' (of type Adware) | 5.11 |
| VIPRE Antivirus | Threat.4657539 | 37788 |

File size:
3.3 MB (3,485,568 bytes)

Product version:
1.0.0.1

Copyright:
Copyright http://smile-files.com (C) 2014

Original file name:
SmileFiles.exe

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\2ynmusvuyv.tmp

Digital Signature
Authority:
DigiCert Inc

Valid from:
11/10/2014 7:00:00 PM

Valid to:
11/15/2017 7:00:00 AM

Subject:
CN=Webitar Production Inc, O=Webitar Production Inc, L=Mahe, C=SC

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0F9F8704E151CAFCFEFEECFBBA733C63

File PE Metadata
Compilation timestamp:
1/23/2015 5:56:09 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:+25oSWn4CRVEcnKY+XRsMIuqoidRE3Vxte+HVG1vjIksU+KGc+KC5OY2PPUn7QY7:7W4CRKBXaFqFDHgsYGJDwYei7/IcRyF+

Entry address:
0x271E74

Entry point:
E8, 07, D7, F9, FF, 20, 3B, 13, 82, A1, CA, 61, 1F, 29, 0A, 0E, 1B, CA, C1, 94, A7, 6B, 66, 11, F2, E3, D0, 85, 9A, 4B, 3C, FC, F9, 82, 69, 32, 39, 42, 2D, 01, 3F, C7, D5, 09, 1D, 18, C6, F6, 01, BA, D9, EF, 06, 0B, 05, AE, 8F, 68, 5E, 5D, 46, 31, 1D, DB, 25, 7F, 09, 28, 27, F9, 9D, 24, 09, CC, EF, F5, FF, 54, 3D, 11, 10, 0D, 9E, 57, 3B, BD, 4C, D2, 46, D7, 45, F5, 07, C8, C1, 9E, 63, 35, F1, 5E, 15, F4, A8, B2, EA, E9, B5, E2, CF, 28, 50, 5B, 43, 59, 01, 02, 9A, 97, 38, 1E, A1, 92, 95, 8A, BE, D5, E3, FA...
Entropy:
7.9938  (probably packed)

Code size:
932 KB (954,368 bytes)
