muvic.exe

PINWID LTD

The application muvic.exe by PINWID has been detected as adware by 5 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Browser Infrastructure Helper’. Additionally, the file is typically installed by a number of programs including Muvic Smartbar by Pinwid Ltd. and Muvic Smartbar Engine by Pinwid Ltd., both potentially unwanted software. While running, it connects to the Internet address entrenaonda.45.197.232.186-BGP.entrenaonda.com.br on port 80 using the HTTP protocol.
Publisher:
Smartbar  (signed by PINWID LTD)

Product:
Smartbar

Version:
11.111.58.19923

MD5:
7e3f6cf0b7ca3aae5fb8321e246fef43

SHA-1:
2129cc9d7777b75e01b15f5df45b3abb5bd2e9c2

SHA-256:
c14c6f1b979e34f439b9e31185398abc7175f105e933821490fd82420f0b514b

Scanner detections:
5 / 68

Status:
Adware

Analysis date:
4/26/2024 1:04:57 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | APPL/Linkury.Gen2 | 7.11.177.116
AVG | Pinwid | 2015.0.3326
Baidu Antivirus | Adware.Win32.Linkury | 4.0.3.141010
Reason Heuristics | PUP.Startup.PINWID.F | 14.10.10.8
VIPRE Antivirus | Adware.Linkury | 33782

File size:
29 KB (29,720 bytes)

Product version:
11.111.58.19923

Original file name:
Smartbar.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\smartbar\application\muvic.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/13/2014 8:00:00 AM

Valid to:
8/14/2015 7:59:59 AM

Subject:
CN=PINWID LTD, OU=514841295, O=PINWID LTD, STREET=14 Shenkar Arie, L=HERZLIYA, S=TLV, PostalCode=4672514, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009956EF23AED48987569DC3E7434BBB19

File PE Metadata
Compilation timestamp:
10/6/2014 7:32:53 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:GOYELXm03crbHTve/IuhPUqFIUzPDMEfJm:TDXmocDewu9UqFXP5xm

Entry address:
0x6F6E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.4267

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
20 KB (20,480 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Browser Infrastructure Helper

Command:
C:\users\{user}\appdata\local\smartbar\application\muvic.exe startup


The file muvic.exe has been discovered within the following programs.

Muvic Smartbar  by Pinwid Ltd.
This adware injects advertising in the user's Internet browser by running as an extension and/or add-on. Ads are delivered in the form of banners and text-links (roll-overs) as well as some popup ads.
www.browse-search.com/?
80% remove it
Muvic Smartbar Engine  by Pinwid Ltd.
This adware program injects advertisements with its affiliate ad providers in order to serve a number of ad types including banner, inline text links and popups.
82% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to entrenaonda.45.197.232.186-BGP.entrenaonda.com.br  (186.232.197.45:80)

TCP (HTTP):
Connects to entrenaonda.42.197.232.186-BGP.entrenaonda.com.br  (186.232.197.42:80)

TCP (HTTP):
Connects to entrenaonda.15.197.232.186-BGP.entrenaonda.com.br  (186.232.197.15:80)
