» smartwrapper.exe
Overview
Analysis
File Details

smartwrapper.exe

SmartWrapper

The application smartwrapper.exe by SmartWrapper has been detected as adware by 7 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. It is also typically executed from the user's temporary directory.

File name:

smartwrapper.exe

Publisher:

SmartWrapper (signed and verified)

MD5:

9128c50d919be6d043462b9fc35f9a45

SHA-1:

149addc0a1a832332bf29d6f1669d6a477d9027c

SHA-256:

d6471868206b9c830f6926957f65c79656d31d5535d9ba24a17017a2002c74a7

Scanner detections:

7 / 68

Status:

Adware

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

4/26/2024 2:10:37 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADWARE/InstallCore.Gen9

7.11.155.204

ESET NOD32

Win32/InstallCore.OZ (variant)

8.9971

Fortinet FortiGate

Riskware/InstallCore

6/23/2014

Qihoo 360 Security

Win32/Virus.Adware.f22

1.0.0.1015

Reason Heuristics

PUP.SmartWrapper.M

14.8.11.23

Sophos

Generic PUA BE

4.98

Trend Micro House Call

Suspicious_GEN.F47V0619

7.2.174

File size:

688.7 KB (705,192 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\335370635_stp\smartwrapper.exe

Digital Signature

Signed by:

SmartWrapper

Authority:

COMODO CA Limited

Valid from:

4/2/2014 2:00:00 AM

Valid to:

4/3/2015 1:59:59 AM

Subject:

CN=SmartWrapper, O=SmartWrapper, STREET=28A Lillinblam St., L=Tel-Aviv, S=Israel, PostalCode=651307, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00F59CFABB9A6BB7216185D9F13562551E

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:fwvpQkiT8ogsKdmupEpOUJHB/9vXqinHLw2W1N7O5liN/6UE04uvuUu/Gu9:fwvGrAlpuhJ/vXtUp1A5liN/b4uvuhD9

Entry address:

0x9C40

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE... 
[+]

Entropy:

7.8200

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

37 KB (37,888 bytes)

Remove smartwrapper.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.