home

4866.exe

Smart Apps

This is the installer application for a 50onRed advertising supported software package (displays ads in the browser and may hijack the home and search pages of the web browser). The application 4866.exe by Smart Apps has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Nullsoft Install System installer. It is also typically executed from the user's temporary directory.
Publisher:
Smart Apps  (signed and verified)

MD5:
1f039cbc8c9817cfe333008106353cb7

SHA-1:
0b614881f2b9bb667ffa0400089d93179eea74ad

SHA-256:
45aab05e8f8721dac8655f1b8543a6ceec6aefadb4e859ad7271348f4e4cc2f1

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/19/2024 8:37:16 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.50OnRed.SmartApps.Installer (M)
16.2.15.0

File size:
482 KB (493,552 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Common path:
C:\users\{user}\appdata\local\temp\4866.exe

Digital Signature
Signed by:
Smart Apps

Authority:
Thawte, Inc.

Valid from:
3/25/2013 1:00:00 AM

Valid to:
3/26/2014 12:59:59 AM

Subject:
CN=Smart Apps, O=Smart Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7CAFCF7841E5BDDF79F61691D678D0EC

File PE Metadata
Compilation timestamp:
2/19/2012 4:01:49 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
6144:KsaocyLCEurbFuVtK658c3ZNGQMoJ9us8nwSiq5dUF04apxlxF/KCPDj403b/Y+2:KtobwvKtKX6ks8zPbLXlPD/Y+RrzH0

Entry address:
0x4327

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 
[+]

Code size:
34.5 KB (35,328 bytes)

Remove 4866.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.