home

snipsmart.FirstRun.exe

FirstRun

snipsmart

The Yontoo branded FirstRun executable is distributed as part of a Yontoo product bundle and is desigend to install components of this ad-supported (injection) program as well as 'call home' to inform the server that the extension was installed and may request additional instructions. The application snipsmart.FirstRun.exe by snipsmart has been detected as adware by 13 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
snipsmart  (signed and verified)

Product:
FirstRun

Version:
1.0.0.0

MD5:
7621e66abf8ad1a5a296eb4f01f51803

SHA-1:
2b37c58808562ef473968dd3b0f7344cfa2fc88d

SHA-256:
7c3b1b3f078895d38f37cdc2d6c3a8ec345280fc82906d1c49e5cd9ee80e197a

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Part of the Yontoo ad injection web browser add-on.

Analysis date:
4/25/2024 6:40:48 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
APPL/BrowseFox.Gen
7.11.171.78

AVG
Generic
2015.0.3342

Baidu Antivirus
Adware.Win32.BrowseFox
4.0.3.14923

Comodo Security
Application.Win32.BrowseFox.JL
19459

Dr.Web
Trojan.BPlug.171
9.0.1.0266

ESET NOD32
MSIL/BrowseFox.G potentially unwanted application
7.0.302.0

IKARUS anti.virus
AdWare.MPlug
t3scan.1.7.5.0

Kaspersky
not-a-virus:HEUR:AdWare.MSIL.Kranet
14.0.0.3207

Malwarebytes
PUP.Optional.Sambreel.A
v2014.09.23.03

McAfee
BrowseFox
5600.6998

Qihoo 360 Security
Win32/Virus.Adware.e4c
1.0.0.1015

Reason Heuristics
Adware.Yontoo.snipsmart.R
14.9.23.15

VIPRE Antivirus
Threat.4741131
32938

File size:
1.1 MB (1,124,080 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Original file name:
snipsmart.FirstRun.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\snipsmart\snipsmart.firstrun.exe

Digital Signature
Signed by:
snipsmart

Authority:
VeriSign, Inc.

Valid from:
8/4/2014 7:00:00 PM

Valid to:
8/5/2015 6:59:59 PM

Subject:
CN=snipsmart, O=snipsmart, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
44017A0654590E4048857CE5A4A44F1A

File PE Metadata
Compilation timestamp:
9/23/2014 5:57:54 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:K1PRb0uhseTDS5XLW7pDw1rae/9YrGXpLydP:K1JThse/S5XEpDArtlydP

Entry address:
0x11220A

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.9243

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.1 MB (1,115,136 bytes)

Remove snipsmart.FirstRun.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.