home

smartbar.installer.mini.exe

Internet Explorer

ReSoft LTD.

This is part of the Linkury/SnapDo monetization software, a web browser toolbar used to hijack a user's search in order to collect revenues. The SmartBar is a a potentially unwanted toolbar and Windows Gadget that is advertising supported (adware). While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The application smartbar.installer.mini.exe, “Win32 Cabinet Self-Extractor ” by ReSoft has been detected as adware by 11 anti-malware scanners. This is a setup program which is used to install the application.
Publisher:
Microsoft Corporation  (signed by ReSoft LTD.)

Product:
Internet Explorer

Description:
Win32 Cabinet Self-Extractor

Version:
11.00.9600.16428 (winblue_gdr.131013-1700)

MD5:
0bef61552097246f7d2a176ee8b8a481

SHA-1:
25fb8a83a577aad7776b74162cde33b103e6e0d2

SHA-256:
d054e5c2ffcf221342b46ea8a884b9e42c01803c708f2e14219d592773d90846

Scanner detections:
11 / 68

Status:
Adware

Analysis date:
4/26/2024 3:45:44 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Toolbar.Linkury
7.1.1

Avira AntiVirus
APPL/Linkury.Gen2
7.11.170.208

Baidu Antivirus
PUA.MSIL.Linkury
4.0.3.1497

Comodo Security
ApplicUnwnt
19416

Dr.Web
Adware.Toolbar.273
9.0.1.0250

ESET NOD32
MSIL/Toolbar.Linkury (variant)
8.10363

IKARUS anti.virus
PUA.Linkury
t3scan.1.7.5.0

McAfee
Artemis!0BEF61552097
5600.7015

Reason Heuristics
PUP.ReSoft.V
14.9.7.1

Trend Micro House Call
Suspicious_GEN.F47V0826
7.2.250

VIPRE Antivirus
Adware.Linkury
32792

File size:
485.5 KB (497,184 bytes)

Product version:
11.00.9600.16428

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
WEXTRACT.EXE .MUI

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\smartbar.installer.mini.exe

Digital Signature
Signed by:
ReSoft LTD.

Authority:
COMODO CA Limited

Valid from:
7/31/2013 5:00:00 PM

Valid to:
8/1/2015 4:59:59 PM

Subject:
CN=ReSoft LTD., O=ReSoft LTD., STREET=4th Hanevi'im, L=Tel Aviv, S=Israel, PostalCode=64356, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
51FA31336CEC649121E9A908289950D2

File PE Metadata
Compilation timestamp:
10/13/2013 10:50:27 PM

OS version:
6.3

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:TQby909wD215dSrrv8dW/qty7N+apa9reQ:TQbyEq21CrvAy78Drf

Entry address:
0x67CC

Entry point:
E8, 07, 0B, 00, 00, E9, 05, 00, 00, 00, CC, CC, CC, CC, CC, 6A, 58, 68, 68, 75, 40, 00, E8, BD, 0B, 00, 00, 33, DB, 89, 5D, E0, 89, 5D, FC, 8D, 45, 98, 50, FF, 15, 70, A1, 40, 00, C7, 45, FC, FE, FF, FF, FF, C7, 45, FC, 01, 00, 00, 00, 64, A1, 18, 00, 00, 00, 8B, 78, 04, 8B, F3, BA, EC, 88, 40, 00, 8B, CF, 33, C0, F0, 0F, B1, 0A, 85, C0, 74, 07, 3B, C7, 75, 16, 33, F6, 46, 83, 3D, F0, 88, 40, 00, 01, 75, 17, 6A, 1F, E8, 30, 09, 00, 00, 59, EB, 43, 68, E8, 03, 00, 00, FF, 15, 6C, A1, 40, 00, EB, C8, 39, 1D...
 
[+]

Entropy:
7.7643  (probably packed)

Code size:
25.5 KB (26,112 bytes)

The file smartbar.installer.mini.exe has been seen being distributed by the following URL.

http://gogeneral.blob.core.windows.net/.../Smartbar.Installer.Mini.exe

Remove smartbar.installer.mini.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.