home

snipsmartsetup.exe

snipsmart

This is the installer and setup program from the snipsmart branded Yontoo adware web browser extension. This adware injects various forms of advertisements in the user's web browser based on the HTML content and URLs viewed. Ad include banners, in-line context text links, coupons, and search. The program will install an auto-updating Windows service that will update the software with additional features. The application snipsmartsetup.exe by snipsmart has been detected as adware by 28 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
snipsmart  (signed and verified)

MD5:
593fc7b77d04fc0766f92ca2518489fa

SHA-1:
c612e07656ef93db0fbd67c6ef6c9ccaa793e6c2

SHA-256:
0233de5bf971337f40e35121d4e0f00c4e8ea176da7eb1f86995ec2d88bdb94e

Scanner detections:
28 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/26/2024 7:45:06 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.SwiftBrowse.CY
6217246

AhnLab V3 Security
PUP/Win32.SwiftBrowse
2015.04.01

avast!
BrowseFox-EV [PUP]
150319-1

AVG
Adware BrowseFox.H
2014.0.4311

Baidu Antivirus
Adware.Win64.BrowseFox
4.0.3.1541

Bitdefender
Adware.SwiftBrowse.CY
1.0.20.455

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Trojan.Yontoo.1734
9.0.1.05190

Emsisoft Anti-Malware
Adware.SwiftBrowse.CY
9.0.0.4799

ESET NOD32
Win64/BrowseFox.AG potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/BrowseFox
4/1/2015

F-Prot
W32/S-b5aa130f
v6.4.7.1.166

F-Secure
Adware.SwiftBrowse.CY
5.13.68

G Data
Adware.SwiftBrowse.CY
15.4.25

K7 AntiVirus
Trojan
13.202.15449

Malwarebytes
PUP.Optional.BPlug
v2015.04.01.07

McAfee
Program.BrowseFox-FWC
16.8.708.2

MicroWorld eScan
Adware.SwiftBrowse.CY
16.0.0.273

NANO AntiVirus
Trojan.Win32.BPlug.dfsehz
0.30.8.659

nProtect
Adware.SwiftBrowse.CY
15.04.01.01

Qihoo 360 Security
HEUR/QVM42.0.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.Installer.Yontoo
15.4.1.7

Rising Antivirus
PE:Malware.Kranet!6.20B9
23.00.65.15330

Sophos
Browse Fox
4.98

Trend Micro House Call
TROJ_GE.9A0AEAB0
7.2.91

Trend Micro
TROJ_GE.9A0AEAB0
10.465.01

Vba32 AntiVirus
AdWare.MSIL.Swift
3.12.26.3

VIPRE Antivirus
Threat.4150696
38950

File size:
569.8 KB (583,464 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\stosg8w2\snipsmartsetup.exe

Digital Signature
Signed by:
snipsmart

Authority:
VeriSign, Inc.

Valid from:
8/5/2014 3:00:00 AM

Valid to:
8/6/2015 2:59:59 AM

Subject:
CN=snipsmart, O=snipsmart, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
44017A0654590E4048857CE5A4A44F1A

File PE Metadata
Compilation timestamp:
12/6/2009 1:52:01 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:0uHkO7cw15p1s15Ap/G/8/3D0Fw/tN8dkmLtpHHHrh7P5grciclPv:0A7jf6j8/z0FmcLbH1uTcPv

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 6F, 44, 00, E8, F1, 2B, 00, 00, A3, 84, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 2E, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9812

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to wac.edgecastcdn.net  (72.21.81.13:80)

TCP (HTTP):
Connects to service.yontoo.com  (8.25.35.148:80)

TCP (HTTP):
Connects to api.yontoo.com  (8.25.35.15:80)

Remove snipsmartsetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.