home

snapdo.exe

ReSoft LTD.

The application snapdo.exe by ReSoft has been detected as adware by 17 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Browser Infrastructure Helper’. This file is typically installed with the program Snap.Do by ReSoft Ltd. which is a potentially unwanted software program.
Publisher:
Smartbar  (signed by ReSoft LTD.)

Product:
Smartbar

Version:
1.19.1.10742

MD5:
41e886f66cf5b909ffcc9882b7f2004f

SHA-1:
d9384126d8ab0104c1012c6bfddacc8f35af7d56

SHA-256:
2e2adff964bd013aa6978a3b0e64f897f56faab75a21c6a73ce21c18c99550cc

Scanner detections:
17 / 68

Status:
Adware

Analysis date:
4/24/2024 12:46:52 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
Win-AppCare/Agent.K.20552
14.08.08

Avira AntiVirus
SPR/Linkury.D
7.11.144.8

avast!
Win32:SmartBar-A [PUP]
2014.9-140808

AVG
AdInject.Resoft
2015.0.3500

Baidu Antivirus
Adware.Win32.Agent
4.0.3.1488

Boost by Reason
Optional.Startup.ReSoft.G
188838

Dr.Web
Adware.Linkury.1
9.0.1.0109

Emsisoft Anti-Malware
Riskware.Win32.Toolbar.Linkury.AMN
8.14.08.08.01

ESET NOD32
Win32/Toolbar.Linkury (variant)
8.8411

herdProtect (fuzzy)
variant of muvic.exe (Adware)
2014.7.8.0

Kaspersky
not-a-virus:AdWare.MSIL.Agent
14.0.0.3440

McAfee
Artemis!246D1E8E1F57
5600.7045

Reason Heuristics
PUP.Startup.ReSoft.G
14.8.8.1

Trend Micro House Call
TROJ_GEN.F47V0715
7.2.109

Trend Micro
ADW_LINKURY
10.465.19

Vba32 AntiVirus
AdWare.MSIL.Agent
3.12.26.0

VIPRE Antivirus
Adware.Linkury
18416

File size:
20.5 KB (20,992 bytes)

Product version:
1.19.1.10742

Original file name:
Smartbar.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\smartbar\application\snapdo.exe

Digital Signature
Signed by:
ReSoft LTD.

Authority:
COMODO CA Limited

Valid from:
7/30/2012 2:00:00 AM

Valid to:
7/31/2013 1:59:59 AM

Subject:
CN=ReSoft LTD., O=ReSoft LTD., STREET=4th Hanevi'im, L=Tel Aviv, S=Israel, PostalCode=64356, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
7ABDE829D4244ADA77EE42C7A70C0FA3

File PE Metadata
Compilation timestamp:
6/3/2013 4:27:07 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:lqbUx3jS82wkSFyl5+yVIldORoD9mVamEt92Zw3TIn0pnhCxYPLg8rJ:QbW32MrmA97TI0pMErJ

Entry address:
0x4D9E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 10, 00, 00, 00, 18, 00, 00, 80, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
11.5 KB (11,776 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Browser Infrastructure Helper

Command:
C:\users\{user}\appdata\local\smartbar\application\snapdo.exe startup


The file snapdo.exe has been discovered within the following program.

Snap.Do  by ReSoft Ltd.
Snap.Do is a web browser addin/toolbar (depending on the browser it is installed within) that plugs into all the major web browsers including Internet Explorer, Chrome and Firefox. Snap.
snap.do
85% remove it
 
Powered by Should I Remove It?

Remove snapdo.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.