home

smia64.exe

Smartbar.Monetization.InjectApp

VERISTAFF.COM LTD

This is part of the Linkury/SnapDo monetization software, a web browser toolbar used to hijack a user's search in order to collect revenues. The SmartBar is a a potentially unwanted toolbar and Windows Gadget that is advertising supported (adware). The application smia64.exe by VERISTAFF.COM has been detected as adware by 7 anti-malware scanners. Additionally, the file is typically installed by a number of programs including LPT System Updater Service by Linkury Ltd. and SafeFinder Smartbar by Linkury Ltd., both potentially unwanted software.
Publisher:
VERISTAFF.COM LTD  (signed and verified)

Product:
Smartbar.Monetization.InjectApp

Version:
1.0.0.0

MD5:
a7e650b996958571e77a2685e5f7920d

SHA-1:
734662a0780b3bf0afcf74651c767a5f1cc44fa1

SHA-256:
2ea842ee4be638a5ddc8af42f7f0810930bc88a7510fe72f6a45c51736f9aac3

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
4/25/2024 4:12:42 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
APPL/Linkury.Gen2
7.11.189.70

AVG
Generic
2015.0.3277

Baidu Antivirus
Adware.Win32.Linkury
4.0.3.141128

Dr.Web
Adware.Linkury.8
9.0.1.05190

IKARUS anti.virus
AdWare.Linkury
t3scan.1.8.3.0

Reason Heuristics
PUP.VERISTAFFCOM.G
14.12.4.0

SUPERAntiSpyware
Adware.Linkury/Variant
10211

File size:
17 KB (17,424 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Original file name:
smia.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\lpt\smia64.exe

Digital Signature
Signed by:
VERISTAFF.COM LTD

Authority:
COMODO CA Limited

Valid from:
9/15/2014 8:00:00 AM

Valid to:
9/16/2015 7:59:59 AM

Subject:
CN=VERISTAFF.COM LTD, OU=514841295, O=VERISTAFF.COM LTD, STREET=Shenkar 14, L=Hertzlya, S=TLV, PostalCode=4672514, C=IL

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2AF13BF1274B91869E8E8BA9B16282CA

File PE Metadata
Compilation timestamp:
11/19/2014 10:16:37 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:xSqTAq22kvsdITysSGUwXW7I/jMT5YsCnYPLP6Ma56PriV2nt:xSqPVSrTS7I/jm5YsCS9aUri8

Entry address:
0x3B1E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.4721

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
7 KB (7,168 bytes)

The file smia64.exe has been discovered within the following programs.

LPT System Updater Service  by Linkury Ltd.
This is a potentially unwanted web browser extension this is distributed and installed by PINWID LTD, ReSoft LTD., MY POP SHOP LTD and Linkury. It will display advertisements including banners and popups in the user's web browser.
81% remove it
SafeFinder Smartbar  by Linkury Ltd.
SafeFinder displays advertising in the user's Internet browser by running as an extension and/or add-on. Ads are delivered in the form of search-related ads, banner and video ads, and text-links (roll-overs) as well as some popup ads.
www.linkury.com/faq/s/faq.aspx?company=SafeFinder
67% remove it
 
Powered by Should I Remove It?

Remove smia64.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.