ssnfd_1_10_0_3.sys

Search Snacks Driver x64

Search Snacks, LLC

This is part of the InfoAtoms browser extension, which displays various forms of advertising in the web browser by injecting new ads such as banners, text links and search results. The file ssnfd_1_10_0_3.sys by Search Snacks has been detected as adware by 19 anti-malware scanners. It runs as a Windows 64-bit kernel-mode device driver named “ssnfd_1_10_0_3”. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Search Snacks  (signed by Search Snacks, LLC)

Product:
Search Snacks Driver x64

Version:
1.10.0.3

MD5:
95b2d734641ecb743c598f63f357ee88

SHA-1:
3f0e812be8a4c4a8ef2d2f59a0a7dd3609068d47

SHA-256:
e48ef7b6a89ffb07fea664e2c248ba6f7af027c29b533ea197e685b7960b4e68

Scanner detections:
19 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/25/2024 10:23:27 PM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Vitruvian.B
790

Agnitum Outpost
Riskware.NetFilter
7.1.1

AVG
Snacks
2015.0.3268

Baidu Antivirus
Adware.Win64.BrowseFox
4.0.3.14126

Bitdefender
Adware.Vitruvian.B
1.0.20.1700

Dr.Web
Adware.Plugin.274
9.0.1.0340

Emsisoft Anti-Malware
Adware.Vitruvian
8.14.12.06.04

ESET NOD32
Win64/Riskware.NetFilter (variant)
8.10804

Fortinet FortiGate
Riskware/NetFilter
12/6/2014

F-Secure
Adware.Vitruvian.B
11.2014-06-12_7

G Data
Adware.Vitruvian
14.12.24

K7 AntiVirus
Trojan
13.186.14174

Malwarebytes
PUP.Optional.SearchSnacks.A
v2014.12.06.04

McAfee
Artemis!95B2D734641E
5600.6924

MicroWorld eScan
Adware.Vitruvian.B
15.0.0.1020

nProtect
Adware.Vitruvian.B
14.11.28.01

Reason Heuristics
PUP.SearchSnacks.R
14.12.6.16

Trend Micro House Call
Suspicious_GEN.F47V1120
7.2.340

VIPRE Antivirus
InfoAtoms
35282

File size:
56.9 KB (58,248 bytes)

Product version:
1.10.0.3

Copyright:
Copyright (C) 2014

Original file name:
ssnfd.sys

File type:
Driver (Win64 SYS)

Language:
English (United States)

Common path:
C:\Windows\System32\drivers\ssnfd_1_10_0_3.sys

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
4/3/2014 5:07:56 PM

Valid to:
4/3/2016 5:07:56 PM

Subject:
E=support@search-snacks.com, CN="Search Snacks, LLC", O="Search Snacks, LLC", L=Dover, S=Delaware, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11213239AF4AE4C69B97F803376A194F08F4

File PE Metadata
Compilation timestamp:
8/21/2012 6:34:56 PM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
8.0

CTPH (ssdeep):
1536:tiBIL6sCyo5oIUo0I77nPaXq4Fs+hMeGlDOtcRnph:gC6sCysD7L+Fs+hYOtcRnph

Entry address:
0x10008

Entry point:
48, 8B, 05, F1, D0, FF, FF, 49, B9, 32, A2, DF, 2D, 99, 2B, 00, 00, 48, 85, C0, 74, 05, 49, 3B, C1, 75, 2F, 4C, 8D, 05, D6, D0, FF, FF, 48, B8, 20, 03, 00, 00, 80, F7, FF, FF, 48, 8B, 00, 49, 33, C0, 49, B8, FF, FF, FF, FF, FF, FF, 00, 00, 49, 23, C0, 49, 0F, 44, C1, 48, 89, 05, AE, D0, FF, FF, 48, F7, D0, 48, 89, 05, AC, D0, FF, FF, E9, DB, B0, FF, FF, CC, CC, CC, B0, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, B4, 04, 01, 00, 10, C0, 00, 00, A0, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, D6, 04, 01, 00...
Entropy:
6.3838

Code size:
44 KB (45,056 bytes)

Driver
Display name:
ssnfd_1_10_0_3

Type:
Kernel device driver (KernelDriver)

Group:
PNP_TDI