SmartbarInternetExplorerBHO.dll

SmartbarInternetExplorerBHO

ReSoft LTD.

The module SmartbarInternetExplorerBHO.dll by ReSoft has been detected as adware by 6 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘SmartbarInternetExplorerBHOEngine’. Additionally, the file is typically installed by a number of programs including Snap.Do by ReSoft Ltd. and Linkury Smartbar by Linkury Inc., both potentially unwanted software.
Reason Core Security
Publisher:
ReSoft LTD.  (signed and verified)

Product:
SmartbarInternetExplorerBHO

Version:
1.0.0.0

MD5:
98e76a9bcaff8af2827cc0dc2415c1c2

SHA-1:
b05f74a3892b5e39160ba71f7737455512387e6b

SHA-256:
35e453fa6fd407c15251aa81e94d29f3ed8552dc84824611cfecc6f6129d414c

Scanner detections:
6 / 68

Status:
Adware

Analysis date:
8/8/2014 5:11:11 AM UTC  (nine months ago)

Scan engine
Detection
Engine version

Boost by Reason
Optional.BHO.ReSoft.BB
188838

ESET NOD32
MSIL/Toolbar.Linkury (variant)
8.9427

Panda Antivirus
PUP/LinkUry
14.08.08.01

Reason Heuristics
PUP.BHO.ReSoft.BB
14.8.8.1

Trend Micro House Call
HV_ZYX_BK08328F.TOMC
7.2.220

VIPRE Antivirus
Adware.Linkury
28350

Reason Core Security
File size:
138 KB (141,344 bytes)

Product version:
1.0.0.0

Original file name:
SmartbarInternetExplorerBHO.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\local\smartbar\application\smartbarinternetexplorerbho.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/1/2013 8:00:00 AM

Valid to:
8/2/2015 7:59:59 AM

Subject:
CN=ReSoft LTD., O=ReSoft LTD., STREET=4th Hanevi'im, L=Tel Aviv, S=Israel, PostalCode=64356, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
51FA31336CEC649121E9A908289950D2

File PE Metadata
Compilation timestamp:
2/7/2014 3:15:09 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:5P+fweskpTX4TuQZNYRKUfAjtledhTmtaFyQHGvCXsedOGRc9izzr4yff8teLvHY:5+9Ub6GvCi09s2o2skAieC7HUdND

Entry address:
0x223EE

Entry point:
FF, 25, 00, 20, 00, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 10, 00, 00, 00, 18, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 30, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 48, 00, 00, 00, 58, 40, 02, 00, 70, 03, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 70, 03, 34, 00, 00, 00, 56, 00, 53, 00, 5F, 00, 56, 00, 45, 00, 52, 00, 53, 00, 49, 00...
 
[+]

Entropy:
5.9470

Code size:
129 KB (132,096 bytes)

Internet Explorer BHO
CLSID:
{31ad400d-1b06-4e33-a59a-90c2c140cba0}

CLSID name:
SmartbarInternetExplorerBHOEngine


The file SmartbarInternetExplorerBHO.dll has been discovered within the following programs.

Linkury Smartbar  by Linkury Inc.
What the Smartbar does: - Changes the default search engine in your web browser's built-in search box. - Changes the default home page of your web browser. - Adds alternative "page not found" functionality. - Enable search from the address bar of your web browser.
www.linkury.com
67% remove it
Snap.Do  by ReSoft Ltd.
Snap.Do is a web browser addin/toolbar (depending on the browser it is installed within) that plugs into all the major web browsers including Internet Explorer, Chrome and Firefox. Snap.
snap.do
85% remove it
Snap.Do Engine  by ReSoft Ltd.
Snap.
83% remove it
 
Powered by Should I Remove It?

Reason Core Security