» smia.exe
Overview
Analysis
File Details
Programs (2)

smia.exe

Smartbar.Monetization.InjectApp

Veristaff.com Inc

This is part of the Linkury/SnapDo monetization software, a web browser toolbar used to hijack a user's search in order to collect revenues. The SmartBar is a a potentially unwanted toolbar and Windows Gadget that is advertising supported (adware). The application smia.exe by Veristaff.com Inc has been detected as adware by 3 anti-malware scanners. Additionally, the file is typically installed by a number of programs including LPT System Updater Service by Linkury Ltd. and SafeFinder Smartbar by Linkury Ltd., both potentially unwanted software.

File name:

smia.exe

Publisher:

Veristaff.com Inc (signed and verified)

Product:

Smartbar.Monetization.InjectApp

Version:

1.0.0.0

MD5:

fb94751d48e64ad4ed3a64eb8597a51f

SHA-1:

b97eeb4ded300dea4f42f7f9211d215f38854538

SHA-256:

cf53587edbfde336ae9c5ce246c1bcff12f86a650bea1c3aa007d7519c15087c

Scanner detections:

3 / 68

Status:

Adware

Analysis date:

4/23/2024 4:30:58 PM UTC (today)

Scan engine

Detection

Engine version

AVG

Veristaff

2015.0.3400

Reason Heuristics

PUP.Veristaff.E

14.7.28.9

VIPRE Antivirus

Threat.4783962

31208

File size:

21.3 KB (21,800 bytes)

Product version:

1.0.0.0

Original file name:

smia.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\lpt\smia.exe

Digital Signature

Signed by:

Veristaff.com Inc

Authority:

DigiCert Inc

Valid from:

7/8/2014 8:00:00 PM

Valid to:

7/14/2015 8:00:00 AM

Subject:

CN=Veristaff.com Inc, O=Veristaff.com Inc, L=Wilmington, S=Delaware, C=US

Issuer:

CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

0B0EA10F13BB9EB2057BECB9A30F59D4

File PE Metadata

Compilation timestamp:

7/21/2014 7:54:26 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

6.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

384:Bn0KyuX7Gw6H7vwDQ1V4j9ZZTtwI5MTPYsZnYPLx8I1M08E6k:BpzksQ1V4tZwI5mPYsZ48mM08a

Entry address:

0x519A

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 50, 00, 00, 0C, 00, 00, 00, 9C, 31, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.3640

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

12.5 KB (12,800 bytes)

The file smia.exe has been discovered within the following programs.

LPT System Updater Service by Linkury Ltd.

This is a potentially unwanted web browser extension this is distributed and installed by PINWID LTD, ReSoft LTD., MY POP SHOP LTD and Linkury. It will display advertisements including banners and popups in the user's web browser.

81% remove it

SafeFinder Smartbar by Linkury Ltd.

SafeFinder displays advertising in the user's Internet browser by running as an extension and/or add-on. Ads are delivered in the form of search-related ads, banner and video ads, and text-links (roll-overs) as well as some popup ads.

www.linkury.com/faq/s/faq.aspx?company=SafeFinder

67% remove it

Remove smia.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.