» SearchSnacksAutoUpdateClient.exe
Overview
Analysis
File Details
Behaviors (1)

SearchSnacksAutoUpdateClient.exe

Search Snacks AutoUpdate Client

Search Snacks, LLC

This is part of the InfoAtoms browser extension which will display variopus forms of advertising in the web browser by injecting new ads such as banner, text-links and search results. The application SearchSnacksAutoUpdateClient.exe by Search Snacks has been detected as adware by 11 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time.

File name:

Publisher:

Search Snacks (signed by Search Snacks, LLC)

Product:

Search Snacks AutoUpdate Client

Version:

1.10.0.5

MD5:

0f99b4bd2af66fe9c62b7a1cc38cbf22

SHA-1:

5ee5a676caac5177df3bd3bdeaa62e35658585ce

SHA-256:

a8a68c832d57375bf68b655020826747fa5ab8e6b2b544eebca7be3052f54bd0

Scanner detections:

11 / 68

Status:

Adware

Analysis date:

4/24/2024 12:28:46 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Vitruvian.B

753

AVG

Snacks

2016.0.3231

Bitdefender

Adware.Vitruvian.B

1.0.20.60

Emsisoft Anti-Malware

Adware.Vitruvian

8.15.01.12.03

F-Secure

Adware.Vitruvian.B

11.2015-12-01_2

G Data

Adware.Vitruvian

15.1.24

MicroWorld eScan

Adware.Vitruvian.B

16.0.0.36

NANO AntiVirus

Trojan.Win32.Stealer.cwxrck

0.30.0.64448

nProtect

Adware.Vitruvian.B

15.01.09.01

Reason Heuristics

PUP.Task.SearchSnacks.CC

15.1.12.15

VIPRE Antivirus

InfoAtoms

36560

File size:

55.6 KB (56,928 bytes)

Product version:

1.10.0.5

Original file name:

SearchSnacksAutoUpdateClient.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\searchsnacks_1.10.0.5\update\searchsnacksautoupdateclient.exe

Digital Signature

Signed by:

Search Snacks, LLC

Authority:

GlobalSign nv-sa

Valid from:

4/3/2014 2:07:56 PM

Valid to:

4/3/2016 2:07:56 PM

Subject:

E=support@search-snacks.com, CN="Search Snacks, LLC", O="Search Snacks, LLC", L=Dover, S=Delaware, C=US

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11213239AF4AE4C69B97F803376A194F08F4

File PE Metadata

Compilation timestamp:

12/11/2014 3:55:22 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

768:WDmMFtrSQvjI+Ps4hsMDbsarEz1+aDBGfFhCZXm5QDe9tKA8kO6tM71AOD12rwom:imMPs6VbsaotDBGfFhCUB9t7e+Cmm

Entry address:

0xDA5E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.5617

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

47 KB (48,128 bytes)

Scheduled Task

Task name:

SearchSnacks Auto Updater 1.10.0.5 Core

Trigger:

Daily (Runs daily at 12:55 PM)

Description:

SearchSnacks Auto Updater 1.10.0.5 Core

Remove SearchSnacksAutoUpdateClient.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.