home

snipsmart.FirstRun.exe

FirstRun

snipsmart

The Yontoo branded FirstRun executable is distributed as part of a Yontoo product bundle and is desigend to install components of this ad-supported (injection) program as well as 'call home' to inform the server that the extension was installed and may request additional instructions. The application snipsmart.FirstRun.exe by snipsmart has been detected as adware by 12 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
snipsmart  (signed and verified)

Product:
FirstRun

Version:
1.0.0.0

MD5:
8ba47cc4842680c7151ee2f34302f7cf

SHA-1:
350ae4eb6f687d7e7ed0039eee7c20c75b201798

SHA-256:
786c58c0988f30654843d7b9e2516e052145ed5d187b87548dc9523d4c1871d5

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Part of the Yontoo ad injection web browser add-on.

Analysis date:
4/19/2024 2:00:20 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
APPL/BrowseFox.Gen
7.11.171.78

AVG
Generic
2015.0.3346

Baidu Antivirus
Adware.Win32.BrowseFox
4.0.3.14919

Comodo Security
Application.Win32.BrowseFox.JL
19459

ESET NOD32
MSIL/BrowseFox.G potentially unwanted application
7.0.302.0

IKARUS anti.virus
AdWare.MPlug
t3scan.1.7.5.0

Kaspersky
not-a-virus:HEUR:AdWare.MSIL.Kranet
14.0.0.3225

Malwarebytes
PUP.Optional.Sambreel.A
v2014.09.19.10

McAfee
BrowseFox
5600.7002

Qihoo 360 Security
Win32/Virus.Adware.e4c
1.0.0.1015

Reason Heuristics
Adware.Yontoo.snipsmart.R
14.9.19.21

VIPRE Antivirus
Threat.4741131
32938

File size:
1.1 MB (1,124,080 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Original file name:
snipsmart.FirstRun.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\snipsmart\snipsmart.firstrun.exe

Digital Signature
Signed by:
snipsmart

Authority:
VeriSign, Inc.

Valid from:
8/4/2014 7:00:00 PM

Valid to:
8/5/2015 6:59:59 PM

Subject:
CN=snipsmart, O=snipsmart, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
44017A0654590E4048857CE5A4A44F1A

File PE Metadata
Compilation timestamp:
9/19/2014 12:49:09 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:7sUDIiciPjTodVZuddzBxYpYiTBkhRI0ZY3DyHZPeGIs:7snp0jTodVZuddFxYpkcFG5PT

Entry address:
0x11226A

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.9251

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.1 MB (1,115,136 bytes)

Remove snipsmart.FirstRun.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.