» Smartbar.Personalization.BusinessEntities.dll
Overview
Analysis
File Details

Smartbar.Personalization.BusinessEntities.dll

Smartbar.Personalization.BusinessEntities

This is part of the Linkury/SnapDo monetization software, a web browser toolbar used to hijack a user's search in order to collect revenues. The SmartBar is a a potentially unwanted toolbar and Windows Gadget that is advertising supported (adware). The module Smartbar.Personalization.BusinessEntities.dll has been detected as adware by 15 anti-malware scanners.

File name:

Publisher:

Microsoft* (Invalid match)

Product:

Smartbar.Personalization.BusinessEntities

Version:

1.2.0.0

MD5:

647e39289439c4bc713b499092fddb3c

SHA-1:

948098bf615f85e441323e4f4ee8bdefb5f0613f

SHA-256:

f73648fb03a087acb5e3c5a579cd5a75b65905348a6942822ef194119c643634

Scanner detections:

15 / 68

Status:

Adware

Analysis date:

4/18/2024 1:38:06 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Linkury.B

857

Avira AntiVirus

TR/Trash.Gen

7.11.30.172

Bitdefender

Adware.Linkury.B

1.0.20.1370

Dr.Web

Trojan.Damaged.1

9.0.1.0274

Emsisoft Anti-Malware

PDF:Exploit.PDF-JS.FX

8.14.10.01.12

ESET NOD32

Win32/Toolbar.Linkury.G potentially unwanted application

8.7.0.302.0

G Data

Win32.Application.Linkury

14.10.24

McAfee

Artemis!9D1CD3007779

5600.6991

MicroWorld eScan

Adware.Linkury.B

15.0.0.822

nProtect

Adware.Linkury.B

14.08.06.01

Panda Antivirus

PUP/LinkUry

14.10.01.12

Reason Heuristics

Threat.Win.Reputation.IMP

14.10.1.0

SUPERAntiSpyware

Trojan.Agent/Gen-Nullo[Short]

10327

Trend Micro House Call

Suspicious_GEN.F47V0613

7.2.274

VIPRE Antivirus

Adware.Linkury

28638

File size:

90.5 KB (92,672 bytes)

Product version:

1.2.0.0

Original file name:

Smartbar.Personalization.BusinessEntities.dll

File type:

Dynamic link library (Win32 DLL)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\smartbar\application\smartbar.personalization.businessentities.dll

File PE Metadata

Compilation timestamp:

12/16/2012 10:27:00 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

1536:mkty5V+5ap00dfSQC0+xqyEk+Inwauh6fjp6NKaisQm2fIk/rHzOJh45RSVFojcu:q/+5ap06fx9+xqyEk+IwbAp6NKaisQmY

Entry address:

0x17FCE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 10, 00, 00, 00, 18, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 30, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 48, 00, 00, 00, 58, 80, 01, 00, C4, 03... 
[+]

Entropy:

6.4474

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

88 KB (90,112 bytes)

Remove Smartbar.Personalization.BusinessEntities.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.