muvic.exe

PINWID LTD

The application muvic.exe by PINWID has been detected as adware by 3 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Browser Infrastructure Helper’. Additionally, the file is typically installed by a number of programs including Muvic Smartbar Engine by Pinwid Ltd. and Muvic Smartbar by Pinwid Ltd., both potentially unwanted software. While running, it connects to the Internet address 72.f.de.static.xlhost.com on port 80 using the HTTP protocol.
Publisher:
Smartbar  (signed by PINWID LTD)

Product:
Smartbar

Version:
10.211.58.15493

MD5:
5231097f7873c3c514fe6a59d0bef519

SHA-1:
bf1f47ca3b31c99d8b8d3115edba32641873f5bd

SHA-256:
ec5036b2a13e33944481252d455dfb24d198a02f73b73914709414b6b12e125a

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
3/14/2014 2:05:08 AM UTC  (seven months ago)

Scan engine            Detection               Engine version
Qihoo 360 Security     Win32/Trojan.8b1        1.0.0.1015
Reason Heuristics      PUP.Startup.PINWID.F    14.3.13.22
VIPRE Antivirus        Adware.Linkury          26974

File size:
27.5 KB (28,192 bytes)

Product version:
10.211.58.15493

Original file name:
Smartbar.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\user\appdata\local\smartbar\application\muvic.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/4/2014 7:00:00 PM

Valid to:
2/5/2015 6:59:59 PM

Subject:
CN=PINWID LTD, O=PINWID LTD, STREET=14 Shenkar Arie, L=HERZLIYA, S=NA, PostalCode=46733, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D9AC9FC9A1B1E8FD63013E3CCE7B0578

File PE Metadata
Compilation timestamp:
2/25/2014 4:52:33 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:165evCvSUKDHEZNpcvp8l7bCTyD/TiVewowvS7CaIpPhcXZL8iXFPTeHI7KqqpnM:1OSF8ZrQYIuL8oPaHIkpMEl

Entry address:
0x68BA

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.4722

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
18.5 KB (18,944 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Browser Infrastructure Helper

Command:
C:\users\user\appdata\local\smartbar\application\muvic.exe startup


The file muvic.exe has been discovered within the following programs.

Muvic Smartbar  by Pinwid Ltd.
This adware injects advertising in the user's Internet browser by running as an extension and/or add-on. Ads are delivered in the form of banners and text-links (roll-overs) as well as some popup ads.
www.browse-search.com/?
80% remove it
Muvic Smartbar Engine  by Pinwid Ltd.
This adware program injects advertisements with its affiliate ad providers in order to serve a number of ad types including banner, inline text links and popups.
82% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to unassigned-ptr.infinitumtech.net  (66.35.68.145:8089)

TCP (HTTP):
Connects to 72.f.de.static.xlhost.com  (206.222.15.114:80)

There are 5 known versions of muvic.exe by Smartbar.

4 / 68      (Adware)
muvic.exe  11.113.58.19232  (ed1675995c0cda59c30b6053117ccb333d60d6e2)

5 / 68      (Adware)
muvic.exe  11.111.58.19923  (2129cc9d7777b75e01b15f5df45b3abb5bd2e9c2)

7 / 68      (Adware)
muvic.exe  11.72.58.17767  (b5f3eab42911ae9ccced6da04547ba01a6c10a93)

6 / 68      (Adware)
muvic.exe  11.51.58.16919  (c423ad2da471f430c1ecccb3355b1430b4dd076e)

4 / 68      (Adware)
muvic.exe  11.40.58.16153  (0880470e8fbc61bf4fa3bc4db07939cdcffc0764)

3 / 68      (Adware)
Smartbar.GUI.MainClient.dll  (64368edb3b585c322b6a74844e3d065cc0a5b946)

1 / 68      (Adware)
savepass.exe  (3e91dbd10880ad83fd923767d49268863be38ef9)

6 / 68      (Adware)
shopop.exe  (6a7bb2cc71fc6c6278a2c133287f9a0317f912d5)

5 / 68      (Adware)
showpass.exe  (179e986264dfd6209643b7fde8cf0581316fa2e0)