SmileboxStarter.exe

Smilebox

Smilebox Inc.

The application SmileboxStarter.exe by Smilebox has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Smilebox by Smilebox, Inc. While running, it connects to the Internet address www.smilebox.com on port 80 using the HTTP protocol.
Publisher:
Smilebox, Inc.  (signed by Smilebox Inc.)

Product:
Smilebox

Description:
Smilebox Starter

Version:
1, 0, 0, 0

MD5:
f364e2851b24073ba0430b811a36e199

SHA-1:
7c3de3853fc99dab6ee7d205d02c319337d90e27

SHA-256:
1b68bed2e03706415ae1b4ff7af1f50d192e05a7a1b872d0ad5c8cbbdf935e1f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 10:20:03 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.Smilebox.P

Engine version:
14.8.31.22

File size:
364.6 KB (373,384 bytes)

Product version:
1, 0, 0, 0

Copyright:
© 2009 Smilebox, Inc. All Rights Reserved.

Original file name:
SmileboxStarter.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\smilebox\smileboxstarter.exe

Digital Signature
Signed by:

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
1/1/2008 6:00:00 PM

Valid to:
3/12/2010 5:59:59 PM

Subject:
CN=Smilebox Inc., OU=SECURE APPLICATION DEPARTMENT, O=Smilebox Inc., L=Redmond, S=Washington, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
1D95AC1F4B90F65788778F1B94ACD37D

File PE Metadata
Compilation timestamp:
7/10/2009 1:36:24 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:GXtdSeYuo72v6E9L0fjglJ/EmlUJ9OU4/xAdPT1PimPncZ:GX+VUL0bglJ/CJ9OUAe1T1PimPu

Entry address:
0x24699

Entry point:
E8, 1E, 6E, 00, 00, E9, 16, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8D, 42, FF, 5B, C3, 8D, A4, 24, 00, 00, 00, 00, 8D, 64, 24, 00, 33, C0, 8A, 44, 24, 08, 53, 8B, D8, C1, E0, 08, 8B, 54, 24, 08, F7, C2, 03, 00, 00, 00, 74, 15, 8A, 0A, 83, C2, 01, 3A, CB, 74, CF, 84, C9, 74, 51, F7, C2, 03, 00, 00, 00, 75, EB, 0B, D8, 57, 8B, C3, C1, E3, 10, 56, 0B, D8, 8B, 0A, BF, FF, FE, FE, 7E, 8B, C1, 8B, F7, 33, CB, 03, F0, 03, F9, 83, F1, FF, 83, F0, FF, 33, CF, 33, C6, 83, C2, 04, 81, E1, 00...

Entropy:
6.2428

Code size:
240 KB (245,760 bytes)

The file SmileboxStarter.exe has been discovered within the following program.

Smilebox  by Smilebox, Inc.
SmileBox, run by Perion Networks (now Conduit), is a photo sharing and social expression application intended for creating digital collages, invitations, slideshows, e-cards and scrapbooks for special occasions such as weddings and birthdays.
support.smilebox.com
41% remove it

The executing file has been seen to make the following network communications in live environments.

