home

Smartbar.Personalization.ServicesPlugins.DMP.dll

DefaultMailProvider

Yuna Software Limited

This is part of the Linkury/SnapDo monetization software, a web browser toolbar used to hijack a user's search in order to collect revenues. The SmartBar is a a potentially unwanted toolbar and Windows Gadget that is advertising supported (adware). The module Smartbar.Personalization.ServicesPlugins.DMP.dll by Yuna Software Limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Microsoft  (signed by Yuna Software Limited)

Product:
DefaultMailProvider

Version:
1.2.0.0

MD5:
7f09da91a24627fb666b0edabe517ac2

SHA-1:
9eb18d0a748e3dd15ffd02ff29962bacb1bcd31f

SHA-256:
8c24f106b835038758ca87f76a63d5a7e91113b41682210d33de1d77d20d686e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 11:29:39 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Reason Heuristics
Win32.Generic
16.2.13.12

File size:
12.3 KB (12,616 bytes)

Product version:
1.2.0.0

Copyright:
Copyright © Microsoft 2010

Original file name:
Smartbar.Personalization.ServicesPlugins.DMP.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\smartbar\common\servicesplugins\smartbar.personalization.servicesplugins.dmp.dll

Digital Signature
Signed by:
Yuna Software Limited

Authority:
VeriSign, Inc.

Valid from:
10/19/2009 10:00:00 PM

Valid to:
10/19/2012 8:59:59 PM

Subject:
CN=Yuna Software Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Yuna Software Limited, L=St. Helier, S=Jersey, C=GB

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6DF4318F9EA4EEB8E01F4B0B02CDF983

File PE Metadata
Compilation timestamp:
3/20/2012 11:01:54 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
192:IYeHHKWJmteZ1pJbTtIcrHT2uVWHcMhyowJL/8to+ebCfKQpkqs1IRWLPq8:IYeHj4epRtI4HWHcMhYJLI+bCw1H5

Entry address:
0x312E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
4.5 KB (4,608 bytes)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.