» productsremovaltool.exe
Overview
Analysis
File Details
Programs (1)

productsremovaltool.exe

Smartbar.Resources.ProductsRemovalTool

PINWID LTD

This is part of the Linkury/SnapDo monetization software, a web browser toolbar used to hijack a user's search in order to collect revenues. The SmartBar is a a potentially unwanted toolbar and Windows Gadget that is advertising supported (adware). The application productsremovaltool.exe by PINWID has been detected as adware by 6 anti-malware scanners. This file is typically installed with the program BeeCoupons Smartbar by Pinwid Ltd. which is a potentially unwanted software program.

File name:

Publisher:

PINWID LTD (signed and verified)

Product:

Smartbar.Resources.ProductsRemovalTool

Version:

1.0.0.0

MD5:

8ec8a4d25126085f0a36dab231b32ba2

SHA-1:

9a202520b90b9e511fa9c76cad8719bf0b5c5a18

SHA-256:

455045aae56a81c1e0f8903cfae6a269104c29f4042d51a9accee4ca0a3ad6e1

Scanner detections:

6 / 68

Status:

Adware

Analysis date:

4/18/2024 8:58:00 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

APPL/Linkury.Gen2

7.11.169.168

AVG

MalSign.Pindi

2015.0.3299

IKARUS anti.virus

AdWare.Linkury

t3scan.1.6.1.0

Qihoo 360 Security

HEUR/Malware.QVM03.Gen

1.0.0.1015

Reason Heuristics

PUP.PINWID.T

14.11.5.19

VIPRE Antivirus

Adware.Linkury

27684

File size:

120 KB (122,912 bytes)

Product version:

1.0.0.0

Original file name:

Smartbar.Resources.ProductsRemovalTool.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\smartbar\application\productsremovaltool.exe

Digital Signature

Signed by:

PINWID LTD

Authority:

COMODO CA Limited

Valid from:

2/4/2014 4:00:00 PM

Valid to:

2/5/2015 3:59:59 PM

Subject:

CN=PINWID LTD, O=PINWID LTD, STREET=14 Shenkar Arie, L=HERZLIYA, S=NA, PostalCode=46733, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00D9AC9FC9A1B1E8FD63013E3CCE7B0578

File PE Metadata

Compilation timestamp:

3/31/2014 5:58:13 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

3072:XGJV8T7zbcChFsnpaYBh034WGMECLJhzWsvvUWo:XDFaC341FCXzW

Entry address:

0x1D7A6

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, D0, 01, 00, 0C, 00, 00, 00, A8, 37, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

7.7599

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

110 KB (112,640 bytes)

The file productsremovaltool.exe has been discovered within the following program.

BeeCoupons Smartbar by Pinwid Ltd.

This adware injects itself into the user's web browser (IE, Chrome and Firefox) and will display out-of context advertising on web sites that are not associated with the software or its affiliate partners.

www.browse-search.com

88% remove it

Remove productsremovaltool.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.