» Smartbar.Monetization.Proxy.ProxyRemover.exe
Overview
Analysis
File Details
Programs (1)

Smartbar.Monetization.Proxy.ProxyRemover.exe

ProxyRemover

PINWID LTD

This is part of the Linkury/SnapDo monetization software, a web browser toolbar used to hijack a user's search in order to collect revenues. The SmartBar is a a potentially unwanted toolbar and Windows Gadget that is advertising supported (adware). The application Smartbar.Monetization.Proxy.ProxyRemover.exe by PINWID has been detected as adware by 5 anti-malware scanners. This file is typically installed with the program ShowPass Smartbar by ReSoft Ltd. which is a potentially unwanted software program.

File name:

Publisher:

PINWID LTD (signed and verified)

Product:

ProxyRemover

Version:

1.0.0.0

MD5:

2d493a3a6a96be46579c74fb4c7f02be

SHA-1:

44599e262739144c40bf13d8f29a6bed6647f4c6

SHA-256:

d2f0c63da7426b4fc1d6731a55cfe743cb38ec7dc868cf269a5cb9ec53b9ea5c

Scanner detections:

5 / 68

Status:

Adware

Analysis date:

4/26/2024 8:08:22 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

APPL/Linkury.Gen2

7.11.169.168

AVG

MalSign.Pindi

2015.0.3362

IKARUS anti.virus

AdWare.Linkury

t3scan.1.6.1.0

Reason Heuristics

PUP.PINWID.f

14.9.3.21

File size:

22.5 KB (23,064 bytes)

Product version:

1.0.0.0

Original file name:

Smartbar.Monetization.Proxy.ProxyRemover.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\lpt\smartbar.monetization.proxy.proxyremover.exe

Digital Signature

Signed by:

PINWID LTD

Authority:

COMODO CA Limited

Valid from:

8/12/2014 9:00:00 PM

Valid to:

8/13/2015 8:59:59 PM

Subject:

CN=PINWID LTD, OU=514841295, O=PINWID LTD, STREET=14 Shenkar Arie, L=HERZLIYA, S=TLV, PostalCode=4672514, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

009956EF23AED48987569DC3E7434BBB19

File PE Metadata

Compilation timestamp:

9/1/2014 5:19:51 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

384:sn9XmRpa1YjyAzqjt9MyYD68nhCxYPLg8fn08k:sn92j49dYDbMEfU

Entry address:

0x52C6

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

13 KB (13,312 bytes)

The file Smartbar.Monetization.Proxy.ProxyRemover.exe has been discovered within the following program.

ShowPass Smartbar by ReSoft Ltd.

ShowPass Smartbar is an adware program (supported by various types of advertising) that is usually bundled by third party installers and download managers.

snap.do

63% remove it

Remove Smartbar.Monetization.Proxy.ProxyRemover.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.