» SmartbarInternetExplorerBHO.dll
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

SmartbarInternetExplorerBHO.dll

SafeFinder Smartbar

VERISTAFF.COM LTD

The module SmartbarInternetExplorerBHO.dll by VERISTAFF.COM has been detected as adware by 6 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘SafeFinder SmartbarEngine’. This file is typically installed with the program SafeFinder Smartbar by Linkury Ltd. which is a potentially unwanted software program.

File name:

Publisher:

VERISTAFF.COM LTD (signed and verified)

Product:

SafeFinder Smartbar

Version:

1.0.0.0

MD5:

29f58e2bd543a4a255afee653b5ea742

SHA-1:

0b1a2eee9d03e89aad4c1000cbe63b6045c246ad

SHA-256:

ebf398a2b5c70abe723017f36c64ce85e0cd050d6ef8c8ce94dfaedd425adef5

Scanner detections:

6 / 68

Status:

Adware

Analysis date:

4/25/2024 3:11:05 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

APPL/Linkury.Gen2

7.11.189.70

AVG

Generic

2015.0.3277

Baidu Antivirus

Adware.Win32.Linkury

4.0.3.141128

Boost by Reason

Optional.BHO.VERISTAFFCOM.BB

188838

ESET NOD32

MSIL/Toolbar.Linkury.E potentially unwanted application

7.0.302.0

Reason Heuristics

PUP.BHO.VERISTAFFCOM.BB

14.12.4.0

File size:

139 KB (142,352 bytes)

Product version:

1.0.0.0

Original file name:

SmartbarInternetExplorerBHO.dll

File type:

Dynamic link library (Win32 DLL)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\smartbar\application\smartbarinternetexplorerbho.dll

Digital Signature

Signed by:

VERISTAFF.COM LTD

Authority:

COMODO CA Limited

Valid from:

9/15/2014 8:00:00 AM

Valid to:

9/16/2015 7:59:59 AM

Subject:

CN=VERISTAFF.COM LTD, OU=514841295, O=VERISTAFF.COM LTD, STREET=Shenkar 14, L=Hertzlya, S=TLV, PostalCode=4672514, C=IL

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

2AF13BF1274B91869E8E8BA9B16282CA

File PE Metadata

Compilation timestamp:

11/19/2014 10:19:58 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

1536:iP+fwekpkpTX4TuQZNYRKUfAjtledhTmtaFyQHGvCXsedOGRc9izzr4yff8teLvX:iU9Ub6GvCi09s2o2skAieJ8Hp8fv9L6

Entry address:

0x2241E

Entry point:

FF, 25, 00, 20, 00, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

5.9582

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

129.5 KB (132,608 bytes)

Internet Explorer BHO

CLSID:

{31ad400d-1b06-4e33-a59a-90c2c140cba0}

CLSID name:

SafeFinder SmartbarEngine

The file SmartbarInternetExplorerBHO.dll has been discovered within the following program.

SafeFinder Smartbar by Linkury Ltd.

SafeFinder displays advertising in the user's Internet browser by running as an extension and/or add-on. Ads are delivered in the form of search-related ads, banner and video ads, and text-links (roll-overs) as well as some popup ads.

www.linkury.com/faq/s/faq.aspx?company=SafeFinder

67% remove it

Remove SmartbarInternetExplorerBHO.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.