home

snipsmart.expext.exe

snipsmart

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application snipsmart.expext.exe by snipsmart has been detected as adware by 22 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
snipsmart  (signed and verified)

Version:
1.0.6242.39491

MD5:
a443d33bba1fc41d0934e51ce7d17639

SHA-1:
49fb227ab8418c10a6d9f191d46e564a3707a788

SHA-256:
1fe7727c0c57db70faf8d5351e389c8f9fb1d70aad4c0ebe34ee889aaef30432

Scanner detections:
22 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
5/7/2024 3:59:22 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.SwiftBrowse.CY
713

AhnLab V3 Security
Win-PUP/BrowseFox.Gen
2015.02.22

Avira AntiVirus
ADWARE/BrowseFox.Gen2
7.11.211.248

avast!
Win32:BrowseFox-EV [PUP]
2014.9-150222

AVG
Generic
2016.0.3191

Baidu Antivirus
Adware.Win32.BrowseFox
4.0.3.15222

Bitdefender
Adware.SwiftBrowse.CY
1.0.20.265

Bkav FE
W32.HfsAdware
1.3.0.6379

Emsisoft Anti-Malware
Adware.SwiftBrowse.CY
8.15.02.22.05

ESET NOD32
Win32/BrowseFox.AA potentially unwanted (variant)
9.11213

F-Prot
W32/S-43570a6e
v6.4.7.1.166

F-Secure
Adware.SwiftBrowse.CY
11.2015-22-02_1

G Data
Adware.SwiftBrowse.CY
15.2.25

K7 AntiVirus
Trojan
13.197.15043

McAfee
BrowseFox-FVA
5600.6847

MicroWorld eScan
Adware.SwiftBrowse.CY
16.0.0.159

NANO AntiVirus
Riskware.Win32.BrowseFox.dlbjxp
0.30.0.296

nProtect
Adware.SwiftBrowse.CY
15.02.17.01

Reason Heuristics
Adware.Yontoo.snipsmart
15.2.22.5

Sophos
Browse Fox
4.98

VIPRE Antivirus
Trojan.Win32.Generic
37782

Zillya! Antivirus
Trojan.Katusha.Win32.37070
2.0.0.2077

File size:
99.2 KB (101,616 bytes)

Product version:
1.0.6242.39491

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\snipsmart\bin\snipsmart.expext.exe

Digital Signature
Signed by:
snipsmart

Authority:
VeriSign, Inc.

Valid from:
8/5/2014 12:00:00 PM

Valid to:
8/6/2015 11:59:59 AM

Subject:
CN=snipsmart, O=snipsmart, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
44017A0654590E4048857CE5A4A44F1A

File PE Metadata
Compilation timestamp:
2/22/2015 11:42:52 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:Vv6Wslm40kAtfI+8G2dBKCKXfPWk6EHIkGnMBcuz0VKgSjZiO:klykK4dKXf+k68J0VKgSjl

Entry address:
0x563E

Entry point:
E8, AB, 3C, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, 64, 7F, 41, 00, FF, 15, 4C, 20, 41, 00, 85, C0, 75, 18, 56, E8, 2F, 08, 00, 00, 8B, F0, FF, 15, 68, 20, 41, 00, 50, E8, DF, 07, 00, 00, 59, 89, 06, 5E, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, C0, 91, 41, 00, 00, 74, 05, E9, CD, 3C, 00, 00, 57, 8B...
 
[+]

Entropy:
6.4321

Code size:
65.5 KB (67,072 bytes)

Remove snipsmart.expext.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.