smartsaver+ 3-bg.exe

SmartSaver+ 3

Monkey Code Lab

This adware is a web browser extension that injects advertising into the browser as unwanted banners and text links, which may lead to malware sites and install unwanted software. The application smartsaver+ 3-bg.exe, “SmartSaver+ 3 exe” by Monkey Code Lab, has been detected as adware by 13 anti-malware scanners. It uses the Solimba download manager to push adware offers during the download and setup process; the bundled adware includes search and shopping web browser toolbars. While running, it connects to the Internet address tlb.hwcdn.net on port 80 using HTTP. It is part of the Brightcircle group of web extensions that inject advertisements into the browser.

Publisher:
smart-saverplus  (signed by Monkey Code Lab)

Product:
SmartSaver+ 3

Description:
SmartSaver+ 3 exe

Version:
1000.1000.1000.1000

MD5:
4b45b6c15a02ab7cf7b3addb7b8cd5a0

SHA-1:
7d764b65667dcaacb73d22da51469b52a74bfb9a

SHA-256:
97e9ff8d46f6866e1a386724804949ddbb1e9767c8a59bc9a217ab2bf10000cf

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Analysis date:
5/7/2024 9:18:35 PM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | PUP/Win32.Solimba | 2014.08.23
Avira AntiVirus | Adware/CrossRider.pm | 7.11.168.226
AVG | Generic | 2015.0.3374
ESET NOD32 | Win32/Toolbar.CrossRider.AL potentially unwanted application | 7.0.302.0
Kaspersky | Trojan.NSIS.GoogUpdate | 15.0.0.494
Malwarebytes | PUP.Optional.SmartSaver.A | v2014.08.22.06
McAfee | Artemis!4B45B6C15A02 | 5600.7030
Panda Antivirus | Trj/Genetic.gen | 14.08.22.06
Qihoo 360 Security | Win32/Trojan.48c | 1.0.0.1015
Reason Heuristics | PUP.Crossrider.MonkeyCodeLab.Q | 14.9.8.1
Rising Antivirus | PE:Malware.Obscure!1.9C59 | 23.00.65.14820
Sophos | Generic PUA HN | 4.98
VIPRE Antivirus | Threat.4789396 | 32210

File size:
564.9 KB (578,416 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
SmartSaver+ 3.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\smartsaver+ 3\smartsaver+ 3-bg.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/28/2014 1:00:00 AM

Valid to:
7/29/2015 12:59:59 AM

Subject:
CN=Monkey Code Lab, O=Monkey Code Lab, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
70960DD13BD9997E55808BF80536533D

File PE Metadata
Compilation timestamp:
8/20/2014 11:08:32 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:HUZvcgzrA8UN2CEl4E4EZiD8h+wnCwSmTr:H6Ef8OG4lv4T

Entry address:
0x4BF98

Entry point:
E8, 5F, CC, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 40, 69, 48, 00, E8, 52, 49, 00, 00, E8, C6, 1C, 00, 00, 0F, B7, F0, 6A, 02, E8, F2, CB, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 70, 51, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
6.4536

Code size:
441.5 KB (452,096 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.10:80)
