» utilsmarterpower.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (2)

utilsmarterpower.exe

SmarterPower

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application utilsmarterpower.exe by SmarterPower has been detected as adware by 10 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “Update SmarterPower”. This file is typically installed with the program SmarterPower by Yontoo Technology, Inc. which is a potentially unwanted software program. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.

File name:

Publisher:

SmarterPower (signed and verified)

Version:

1.0.5357.16280

MD5:

478e41a81847059f6681136ae77f57bb

SHA-1:

bf3cd03a419ff55370ae8d0787203b3b1c6b52bf

SHA-256:

b05a0997d125e5550df6c3ebffd2633705ab8703905169fda9efe399fdbf4594

Scanner detections:

10 / 68

Status:

Adware

Explanation:

Injects advertising in the web browser in various formats.

Analysis date:

4/23/2024 5:41:31 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

APPL/BrowseFox.Gen

7.11.170.100

avast!

Win32:BrowseFox-AN [PUP]

140813-1

AVG

Generic

2015.0.3364

Baidu Antivirus

Adware.Win32.BrowseFox

4.0.3.1491

Dr.Web

Trojan.BPlug.202

9.0.1.05190

ESET NOD32

Win32/BrowseFox.H potentially unwanted application

7.0.302.0

Kaspersky

not-a-virus:HEUR:AdWare.MSIL.Kranet

14.0.0.3316

Malwarebytes

PUP.Optional.SmarterPower.A

v2014.09.01.07

Qihoo 360 Security

Win32/Virus.Adware.e4c

1.0.0.1015

Reason Heuristics

PUP.SmarterPower.Q

14.9.1.17

File size:

315.7 KB (323,320 bytes)

Product version:

1.0.5357.16280

Original file name:

SmarterPower.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\smarterpower\bin\utilsmarterpower.exe

Digital Signature

Signed by:

SmarterPower

Authority:

VeriSign, Inc.

Valid from:

8/4/2014 8:00:00 PM

Valid to:

8/5/2015 7:59:59 PM

Subject:

CN=SmarterPower, O=SmarterPower, L=Santa Monica, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

38D7C83A73CB4E3AC85648608E3170D8

File PE Metadata

Compilation timestamp:

9/1/2014 6:02:56 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:zIEfAz+3K2y2TgNY77d+d7UyM0QtVLQ1crpkrSjXbClO:zIEfHaqhLQ1cersmE

Entry address:

0x4EBC6

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, E8, 02, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.0831

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

307 KB (314,368 bytes)

Service

Display name:

Update SmarterPower

Type:

Win32OwnProcess

The file utilsmarterpower.exe has been discovered within the following programs.

Buzzdock by Alactro LLC

This is a web browser extension that injects advertising. From the EULA: "Buzzdock is free to download and use. Buzzdock is supported by advertising, and users will see additional ads on websites where Buzzdock features operate.

www.buzzdock.com/faq-support

79% remove it

SmarterPower by Yontoo Technology, Inc.

SmarterPower is an advertising supported browser extension also known as adware and is designed to deliver ads to the user's Internet browser as banners, context text-links and transitionals ads. The injected ads are not affiliated with the underlying website on which they appear.

smarterpowerunite.com/support

87% remove it

Remove utilsmarterpower.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.