» smia.exe
Overview
Analysis
File Details
Programs (1)

smia.exe

Smartbar.Monetization.InjectApp

MY POP SHOP LTD

This is part of the Linkury/SnapDo monetization software, a web browser toolbar used to hijack a user's search in order to collect revenues. The SmartBar is a a potentially unwanted toolbar and Windows Gadget that is advertising supported (adware). The application smia.exe by MY POP SHOP has been detected as adware by 12 anti-malware scanners. This file is typically installed with the program LPT System Updater Service by Linkury Ltd. which is a potentially unwanted software program.

File name:

smia.exe

Publisher:

MY POP SHOP LTD (signed and verified)

Product:

Smartbar.Monetization.InjectApp

Version:

1.0.0.0

MD5:

91ef9e16a42d77bf721a9f4db529319d

SHA-1:

2f195e8dcecaa7cd096de4182477338234dadb51

SHA-256:

ae9916b1b87af50e0a353e7657f08f5e556d5cdc82ebccad2602e3cf549d28b6

Scanner detections:

12 / 68

Status:

Adware

Analysis date:

4/25/2024 11:35:11 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Smartbar.O

832

Avira AntiVirus

APPL/Linkury.Gen2

7.11.179.12

AVG

Mypopshop

2015.0.3310

Baidu Antivirus

Adware.Win32.Linkury

4.0.3.141025

Bitdefender

Adware.Smartbar.O

1.0.20.1490

Dr.Web

Adware.Linkury.8

9.0.1.0298

Emsisoft Anti-Malware

Adware.Smartbar.O

8.14.10.25.06

F-Secure

Adware.Smartbar.O

11.2014-25-10_7

G Data

Adware.Smartbar

14.10.24

MicroWorld eScan

Adware.Smartbar.O

15.0.0.894

nProtect

Adware.Smartbar.O

14.10.16.01

Reason Heuristics

PUP.MYPOPSHOP.E

14.10.25.18

File size:

16.5 KB (16,904 bytes)

Product version:

1.0.0.0

Original file name:

smia.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\lpt\smia.exe

Digital Signature

Signed by:

MY POP SHOP LTD

Authority:

COMODO CA Limited

Valid from:

7/6/2014 8:00:00 PM

Valid to:

7/7/2015 7:59:59 PM

Subject:

CN=MY POP SHOP LTD, O=MY POP SHOP LTD, STREET=14 Shenkar Arie, L=HERZLIYA, S=NA, PostalCode=46725, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

4A7D93FD75281A37A4ADCDCD636D3ADB

File PE Metadata

Compilation timestamp:

10/6/2014 7:59:30 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

384:MMYZAq22kvsdITysSGUwXWmI/jMTAYsjnhCxYPLg8WQC:jYhVSrTSmI/jmAYsjME2

Entry address:

0x3B1E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.3976

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

7 KB (7,168 bytes)

The file smia.exe has been discovered within the following program.

LPT System Updater Service by Linkury Ltd.

This is a potentially unwanted web browser extension this is distributed and installed by PINWID LTD, ReSoft LTD., MY POP SHOP LTD and Linkury. It will display advertisements including banners and popups in the user's web browser.

81% remove it

Remove smia.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.