Should I block it?
Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization
Additional versions
Relationships
 PE file structure
|
Show functions |
Import table
mscoree.dll
DllMain
luckysave.exe
Smartbar by Smartbar
| Version: | 1.6.1.795 |
| MD5: | 490c0bcd71a7ef5118a5ab18f6cd768f |
| SHA1: | bd3493d4ca30d17e63bd8d393dd215222fbda067 |
| SHA256: | 6423f254a17b7a32cb1ead42aef1c66b22b2514db50e9b38d90337ee61fad84a |
Warning 15 antivirus scanners has detected malware.
What is luckysave.exe?
Smartbar (Snap.Do) is a web browser addin/toolbar with Internet Explorer, Chrome and Firefox. Snap.Do provides social integration features for Facebook and Twitter. Privacy Policy: In order to facilitate, refine, personalize and match the identification and presentation of our products results to your browsing preferences and habits, we collect information regarding your use of our Product including URL and information of websites you browse while Smartbar is installed.
About luckysave.exe (from Smartbar)
“Snap.do works on all 3 major web browsers – Google Chrome, Mozilla Firefox and Internet Explorer. Simply get it now to start snapping! Snap.do will always be there when you need it. Once you got it yo”
Details
| File name: | luckysave.exe |
| Publisher: | Smartbar |
| Product name: | Smartbar |
| Typical file path: | C:\users\user\appdata\local\smartbar\application\luckysave.exe |
| Original name: | Smartbar.exe |
| File version: | 1.6.1.795 |
| Size: | 13.5 KB (13,824 bytes) |
| Digital DNA |
| PE subsystem: | Windows GUI |
| File packed: | No |
| Code language: | Microsoft Visual C# / Basic .NET |
| .NET CLR: | Yes |
| .NET NGENed: | No |
More details
Behaviors
Startup files (user) run
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'Browser Infrastructure Helper' → C:\users\user\appdata\Local\Smartbar\Application\Luckysave.exe startup
Malware detections
Based on 40+ industry antivirus scanners, 15 of them detected the following malware.
| Antivirus engine | Engine version | Detection |
| Avira AntiVir |
7.11.72.194 |
Adware/Agent.13824.4 |
| BitDefender |
7.2 |
Adware.Generic.411007 |
| Comodo Internet Security |
15941 |
ApplicUnwnt |
| Dr.Web |
8.13.8.11 |
Trojan.MulDrop4.24551 |
| Emsisoft Anti-Malware |
3.0.0.575 |
Adware.MSIL.Agent.AMN (A) |
| ESET NOD32 |
7.8231 |
a variant of Win32/Toolbar.Linkury.A |
| Fortinet |
5.0.43.0 |
Adware/MSIL_Agent |
| F-Secure |
11.0.19020.35 |
Adware.Generic.411007 |
| G Data |
13.8.22 |
Adware.Generic.411007 |
| Ikarus |
T3.1.4.0.0 |
not-a-virus:AdWare.MSIL |
| Kingsoft |
2013.4.9.267 |
Win32.Troj.Generic.a.(kcloud) |
| eScan by MicroWorld |
12.0.250.0 |
Adware.Generic.411007 |
| Trend Micro HouseCall |
9.700.0.1001 |
TROJ_GEN.R47H1BH |
| Vba32 AntiVirus |
3.12.20.2 |
AdWare.MSIL.Agent |
| VIPRE Antivirus |
16888 |
Adware.Linkury (fs) |
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.02505034% | |
| Kernel CPU: | 0.00465104% | |
| User CPU: | 0.02039930% | |
| Kernel CPU time: | 20,203 ms/min | |
| Context switches: | 254/sec | |
| Memory |
| Private memory: | 51.64 MB | |
| Private (maximum): | 55.36 MB | |
| Private (minimum): | 52.72 MB | |
| Non-paged memory: | 51.64 MB | |
| Virtual memory: | 330.54 MB | |
| Virtual memory (peak): | 338.43 MB | |
| Working set: | 55.04 MB | |
| Working set (peak): | 56.1 MB | |
| Resource allocations |
| Threads: | 26 | |
| Handles: | 1114 | |
| GUI GDI count: | 60 | |
| GUI GDI peak: | 64 | |
| GUI USER count: | 96 | |
| GUI USER peak: | 98 | |
Process properties
Distribution by Windows OS
| OS version | distribution |
| Windows 8 |
66.67% |
|
| Windows Vista Home Premium |
33.33% |
|
Distribution by country
United States installs about 100.00% of Smartbar.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| ASUS |
66.67% |
|
| Acer |
33.33% |
|
