» Smartbar.exe
Overview
Analysis
File Details
Behaviors (1)
Network (2)

Smartbar.exe

Yuna Software Limited

This is part of the Linkury/SnapDo monetization software, a web browser toolbar used to hijack a user's search in order to collect revenues. The SmartBar is a a potentially unwanted toolbar and Windows Gadget that is advertising supported (adware). The application Smartbar.exe by Yuna Software Limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Browser Infrastructure Helper’.

File name:

Smartbar.exe

Publisher:

Smartbar (signed by Yuna Software Limited)

Product:

Smartbar

Version:

1.2.0.0

MD5:

a00018c45a46b5d2ade0e8a0900ffb94

SHA-1:

44b462aa13a0e53b6dcd5cb5256ff46c690a7ec7

SHA-256:

6692f6f131fe7e4f50d95ff23a2b618d7706d41f9af68068c7ec11aa38742d15

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/16/2024 10:41:37 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Win32.Generic

16.2.11.20

File size:

18.8 KB (19,272 bytes)

Product version:

1.2.0.0

Original file name:

Smartbar.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\smartbar\application\smartbar.exe

Digital Signature

Signed by:

Yuna Software Limited

Authority:

VeriSign, Inc.

Valid from:

10/20/2009 1:00:00 AM

Valid to:

10/20/2012 12:59:59 AM

Subject:

CN=Yuna Software Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Yuna Software Limited, L=St. Helier, S=Jersey, C=GB

Issuer:

CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

6DF4318F9EA4EEB8E01F4B0B02CDF983

File PE Metadata

Compilation timestamp:

5/7/2012 11:59:16 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

384:QdewdpFSfwe25+RIldORoDBmVamEt9fZw3rIsbRTYJLI+bCw19:+pBmA9IrIsdSLxbCs9

Entry address:

0x4AFE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

11 KB (11,264 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Browser Infrastructure Helper

Command:

C:\users\{user}\appdata\local\smartbar\application\smartbar.exe startup

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to 57.9d.a86c.ip4.static.sl-reverse.com (108.168.157.87:80)

TCP (HTTP):

Connects to 50.75.c0ad.ip4.static.sl-reverse.com (173.192.117.80:80)

Remove Smartbar.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.