» productsremovaltool.exe
Overview
Analysis
File Details
Programs (1)

productsremovaltool.exe

Smartbar.Resources.ProductsRemovalTool

Linkury Ltd

This is part of the Linkury/SnapDo monetization software, a web browser toolbar used to hijack a user's search in order to collect revenues. The SmartBar is a a potentially unwanted toolbar and Windows Gadget that is advertising supported (adware). The application productsremovaltool.exe by Linkury has been detected as adware by 5 anti-malware scanners. This file is typically installed with the program SafeFinder Smartbar by Linkury Ltd. which is a potentially unwanted software program.

File name:

Publisher:

Linkury Ltd (signed and verified)

Product:

Smartbar.Resources.ProductsRemovalTool

Version:

1.0.0.0

MD5:

03d63170a7ba276a2dc2f17d3c45de11

SHA-1:

0ab67c028dc0dfd3d172e9eaa102ae93132d921e

SHA-256:

ea3590cea7249589f7ed95e589623bc18ffa6e99918dfa14e5e152995b9ac395

Scanner detections:

5 / 68

Status:

Adware

Analysis date:

4/16/2024 10:15:31 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

APPL/Linkury.Gen2

7.11.169.242

IKARUS anti.virus

AdWare.Linkury

t3scan.1.7.5.0

Panda Antivirus

PUP/LinkUry

14.08.29.12

Reason Heuristics

PUP.Smartbar.Linkury.T

14.8.31.19

VIPRE Antivirus

Threat.4783962

32210

File size:

120 KB (122,880 bytes)

Product version:

1.0.0.0

Original file name:

Smartbar.Resources.ProductsRemovalTool.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\smartbar\application\productsremovaltool.exe

Digital Signature

Signed by:

Linkury Ltd

Authority:

COMODO CA Limited

Valid from:

7/27/2014 2:00:00 AM

Valid to:

7/28/2015 1:59:59 AM

Subject:

CN=Linkury Ltd, O=Linkury Ltd, STREET=Shenkar 14, L=Hertzlya, S=TLV, PostalCode=4672514, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00B600072AC44F0CDE5DB4F94132028FFF

File PE Metadata

Compilation timestamp:

8/27/2014 5:33:48 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

3072:rbUyC4ncChFsnpaYBh034WGMECLJhzWsCZgWi3V:zDFaC341FCXzW2

Entry address:

0x1D7EA

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, D0, 01, 00, 0C, 00, 00, 00, EC, 37, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

110 KB (112,640 bytes)

The file productsremovaltool.exe has been discovered within the following program.

SafeFinder Smartbar by Linkury Ltd.

SafeFinder displays advertising in the user's Internet browser by running as an extension and/or add-on. Ads are delivered in the form of search-related ads, banner and video ads, and text-links (roll-overs) as well as some popup ads.

www.linkury.com/faq/s/faq.aspx?company=SafeFinder

67% remove it

Remove productsremovaltool.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.