smrts.exe

The application smrts.exe has been detected as adware by 8 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. It is built using the Crossrider cross-browser extension platform. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is typically executed from an Internet Explorer cache folder, and it has been seen being downloaded from dl.datagenserv.com.

Description:
Jixog

Version:
21.24.19.15

MD5:
32f20f30c6f650ed2d506780089b8594

SHA-1:
4e6f6c0f3273a2e108462cd271e7eb77c14baa86

SHA-256:
e509c200f75a6b072f66f82a8cbcbae48cc437092fcf30585ddc246e831472a2

Scanner detections:
8 / 68

Status:
Adware

Explanation:
This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
10/30/2020 1:44:23 AM UTC

Scan engine | Detection | Engine version
Clam AntiVirus | Win.Adware.Agent-6597 | 0.98/19265
Dr.Web | infected with Trojan.Crossrider.27895 | 9.0.1.05190
ESET NOD32 | Win32/Packed.ScrambleWrapper.M potentially unwanted application | 7.0.302.0
IKARUS anti.virus | PUA.CrossRider | t3scan.1.6.1.0
Malwarebytes | PUP.Optional.CrossRider | v2014.08.13.09
Panda Antivirus | Trj/Genetic.gen | 14.08.13.09
Reason Heuristics | PUP.Downloader.F | 14.8.13.8
Trend Micro House Call | Suspici.AB01381A | 7.2.225

File size:
8 MB (8,421,968 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\smrts.exe

File PE Metadata
Compilation timestamp:
12/4/2012 1:55:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
196608:W6efxUaMxRA9+JbRlICjNKczPYiMdQWL3xTaL3LVeW:FRKQPPmTy

Entry address:
0x4323

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 44, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 44, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 44, 00, 56, A3, 40, 3B, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 3B, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 44, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 

Entropy:
7.9986  (probably packed)

Code size:
34.5 KB (35,328 bytes)

The file smrts.exe has been seen being distributed by the following URL.
