Snap.do

By GoldSparrow in Browser Hijackers

Translate To:

Threat Scorecard

Popularity Rank:	458
Threat Level:	50 % (Medium)
Infected Computers:	1,985,979

First Seen:	October 12, 2012
Last Seen:	February 7, 2026
OS(es) Affected:	Windows

Snap.do Image

The Snap.do website is associated with the Smartbar toolbar for your web browser. This toolbar is actually an adware component. Even though Snap.do claims that Snap.do can simplify the way you access your favorite websites, this website and its associated toolbar have several unwanted behaviors that are more closely associated with known malware infections than with legitimate applications. Most of the time, the Snap.do toolbar will be bundled along with freeware programs, included in the installation process.

Reading the 'official' description of Snap.do, it would be hard to guess that this website is linked to malware. The people behind Snap.do claim that this website's vision is to become an industry leader in providing simple, smart web solutions to their clients as well as complementary programs that improve browser efficiency and make browsing simply with interfaces and technologies that computer users are already used to utilize. However, this vision does not match up well to reality, since products associated with Snap.do have various components that are more commonly associated with adware. There are three reasons why products associated with Snap.do are considered unsafe for your computer:

Products associated with Snap.do may have spyware capabilities. That is, this website and software associated with Snap.do will collect your personal data and then distribute it to a third party without your authorization.
The Snap.do website and software associated with Snap.do may also be considered adware. This is because Snap.do is designed to deliver intrusive advertisements based on private data collected about your browsing behaviors. These advertisements may appear as pop-up windows or embedded in web pages.
Snap.do is also linked to browser hijackers. These kinds of components are designed to change your web browser's settings, affecting which websites you are able to visit and alters the way you browse the Internet.

While many websites associated with browser hijackers may, in themselves, be perfectly safe, this is not the case with Snap.do and software associated with this website. Due to their adware and browser hijacker components, any contact with the Snap.do website or with software associated with Snap.do should be followed with a thorough scan of your machine with a capable anti-malware application.

Table of Contents

Aliases

2 security vendors flagged this file as malicious.

Antivirus Vendor	Detection
Symantec	Bloodhound.MalPE
AhnLab-V3	PUP/Win32.Toolbar

SpyHunter Detects & Remove Snap.do

File System Details

Snap.do may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	cloudprinter.dat	cecec73094ba3e1b7abe788ae5a5204a	271,577
Name: cloudprinter.dat MD5: cecec73094ba3e1b7abe788ae5a5204a Size: 54.27 KB (54272 bytes) Detections: 271,577 Type: Data file Path: %ALLUSERSPROFILE%\cloudprinter Group: Malware file Last Updated: January 27, 2026
2.	gravefresh.dat	09eab69315e00b74dfa2ca27a5542829	145,225
Name: gravefresh.dat MD5: 09eab69315e00b74dfa2ca27a5542829 Size: 252.92 KB (252928 bytes) Detections: 145,225 Type: Data file Path: %ALLUSERSPROFILE%\lamzap Group: Malware file Last Updated: February 6, 2026
3.	uninstall.ico	f0629844b82419eb727a3858f31dc85a	1,891
Name: uninstall.ico MD5: f0629844b82419eb727a3858f31dc85a Size: 1.15 KB (1150 bytes) Detections: 1,891 Group: Malware file Last Updated: September 24, 2025
4.	uninstall.dat	6c5cac85dbc1df3ced89e3ea8645bc32	1,154
Name: uninstall.dat MD5: 6c5cac85dbc1df3ced89e3ea8645bc32 Size: 140.8 KB (140800 bytes) Detections: 1,154 Type: Data file Path: %COMMONPROGRAMFILES(x86)%\viatip Group: Malware file Last Updated: September 9, 2024
5.	Opentip.bin	aea5b44ab1e57f40069461bcf0dbc303	601
Name: Opentip.bin MD5: aea5b44ab1e57f40069461bcf0dbc303 Size: 1.93 MB (1932216 bytes) Detections: 601 Type: Binary File Path: %SYSTEMDRIVE%\Users\<username>\AppData\Roaming\Opentip.bin Group: Malware file Last Updated: January 27, 2026
6.	Topfax.bin	e7feae9f793d93682572c065c3379626	197
Name: Topfax.bin MD5: e7feae9f793d93682572c065c3379626 Size: 76.56 KB (76565 bytes) Detections: 197 Type: Binary File Path: %SYSTEMDRIVE%\Users\<username>\AppData\Roaming\Topfax.bin Group: Malware file Last Updated: March 12, 2025
7.	Vivafax.bin	fa780e83ab291186670cfe6b879f7085	158
Name: Vivafax.bin MD5: fa780e83ab291186670cfe6b879f7085 Size: 400.44 KB (400445 bytes) Detections: 158 Type: Binary File Path: %SYSTEMDRIVE%\Users\<username>\AppData\Roaming\Vivafax.bin Group: Malware file Last Updated: January 4, 2026
8.	AppdnifmiN.exe	24a74f120eccbec5942ce9c627c31db4	69
Name: AppdnifmiN.exe MD5: 24a74f120eccbec5942ce9c627c31db4 Size: 400.89 KB (400896 bytes) Detections: 69 Type: Executable File Path: %ALLUSERSPROFILE%\AppdnifmiN Group: Malware file Last Updated: November 30, 2016
9.	ocep.exe	2cf641c23d296a503827f6d409e0435d	50
Name: ocep.exe MD5: 2cf641c23d296a503827f6d409e0435d Size: 400.89 KB (400896 bytes) Detections: 50 Type: Executable File Path: %ALLUSERSPROFILE%\ocep Group: Malware file Last Updated: November 30, 2016
10.	CloudPrinter.exe	f79bbfd2beea6c3494bc65b638af5969	49
Name: CloudPrinter.exe MD5: f79bbfd2beea6c3494bc65b638af5969 Size: 692.73 KB (692736 bytes) Detections: 49 Type: Executable File Path: %ALLUSERSPROFILE%\CloudPrinter Group: Malware file Last Updated: May 21, 2020
11.	Affenpinscher.exe	8abe1277924bdf91880a0394a4cc18d8	43
Name: Affenpinscher.exe MD5: 8abe1277924bdf91880a0394a4cc18d8 Size: 400.89 KB (400896 bytes) Detections: 43 Type: Executable File Path: %ALLUSERSPROFILE%\Affenpinscher Group: Malware file Last Updated: November 30, 2016
12.	gld.exe	c5ea20f32c1ad46670b6a6442ddd04d6	38
Name: gld.exe MD5: c5ea20f32c1ad46670b6a6442ddd04d6 Size: 61.1 KB (61103 bytes) Detections: 38 Type: Executable File Path: %PROGRAMFILES(x86)%\Gorny\gld.exe Group: Malware file Last Updated: June 27, 2020
13.	emphasising.exe	25034e95214d42e20e9383a353c125f6	37
Name: emphasising.exe MD5: 25034e95214d42e20e9383a353c125f6 Size: 37.75 KB (37758 bytes) Detections: 37 Type: Executable File Path: %PROGRAMFILES(x86)%\basque\emphasising.exe Group: Malware file Last Updated: June 27, 2020
14.	uninstall.exe	75e0ecad5d00e8407e32506361b93f98	35
Name: uninstall.exe MD5: 75e0ecad5d00e8407e32506361b93f98 Size: 984.57 KB (984576 bytes) Detections: 35 Type: Executable File Path: %COMMONPROGRAMFILES(x86)%\ZotRemnix Group: Malware file Last Updated: June 30, 2016
15.	patience.exe	069ad9a7445f11563b2919a5f006979c	32
Name: patience.exe MD5: 069ad9a7445f11563b2919a5f006979c Size: 9.21 KB (9216 bytes) Detections: 32 Type: Executable File Path: %PROGRAMFILES(x86)%\patience\patience.exe Group: Malware file Last Updated: June 27, 2020
16.	Medotity.exe	a761ce1d6bc4eec1c527324584e9ddd8	28
Name: Medotity.exe MD5: a761ce1d6bc4eec1c527324584e9ddd8 Size: 692.73 KB (692736 bytes) Detections: 28 Type: Executable File Path: %ALLUSERSPROFILE%\Medotity Group: Malware file Last Updated: November 24, 2016
17.	AppgnirtspmaT.exe	a674955ee5b9cf795d74aec1a3bdea46	25
Name: AppgnirtspmaT.exe MD5: a674955ee5b9cf795d74aec1a3bdea46 Size: 400.89 KB (400896 bytes) Detections: 25 Type: Executable File Path: %ALLUSERSPROFILE%\AppgnirtspmaT Group: Malware file Last Updated: November 30, 2016
18.	xifs.exe	5f8cde8ed5585c50102a06981f1c9d7a	24
Name: xifs.exe MD5: 5f8cde8ed5585c50102a06981f1c9d7a Size: 400.89 KB (400896 bytes) Detections: 24 Type: Executable File Path: %ALLUSERSPROFILE%\xifs Group: Malware file Last Updated: November 30, 2016
19.	AppxeetouQ.exe	68e27e78779d9780d2daef4d6c2148e4	24
Name: AppxeetouQ.exe MD5: 68e27e78779d9780d2daef4d6c2148e4 Size: 400.89 KB (400896 bytes) Detections: 24 Type: Executable File Path: %ALLUSERSPROFILE%\AppxeetouQ Group: Malware file Last Updated: November 30, 2016
20.	ApppazmaL.exe	be67210e37a467cf02375d7ab03270c6	23
Name: ApppazmaL.exe MD5: be67210e37a467cf02375d7ab03270c6 Size: 392.7 KB (392704 bytes) Detections: 23 Type: Executable File Path: %ALLUSERSPROFILE%\ApppazmaL Group: Malware file Last Updated: May 26, 2017
21.	idna.exe	543de71ba6de1353cd397c89a0951663	18
Name: idna.exe MD5: 543de71ba6de1353cd397c89a0951663 Size: 692.73 KB (692736 bytes) Detections: 18 Type: Executable File Path: %ALLUSERSPROFILE%\idna Group: Malware file Last Updated: November 24, 2016
22.	AppmatdloH.exe	d0f9b6fec63f8cb1ddeaa0cac2512aa5	16
Name: AppmatdloH.exe MD5: d0f9b6fec63f8cb1ddeaa0cac2512aa5 Size: 692.73 KB (692736 bytes) Detections: 16 Type: Executable File Path: %ALLUSERSPROFILE%\AppmatdloH Group: Malware file Last Updated: November 24, 2016
23.	Utatity.exe	711203f1378abf0a39822f473287c8d8	15
Name: Utatity.exe MD5: 711203f1378abf0a39822f473287c8d8 Size: 692.73 KB (692736 bytes) Detections: 15 Type: Executable File Path: %ALLUSERSPROFILE%\Utatity Group: Malware file Last Updated: November 24, 2016
24.	set.exe	96a99a6e8b367ffa84b5f5b0bb2a4dc9	14
Name: set.exe MD5: 96a99a6e8b367ffa84b5f5b0bb2a4dc9 Size: 3.78 MB (3786752 bytes) Detections: 14 Type: Executable File Path: %ALLUSERSPROFILE%\Logic Handler Group: Malware file Last Updated: March 3, 2017
25.	Nettrans.exe	56e23c8a026f980555a286c1ed873ec3	13
Name: Nettrans.exe MD5: 56e23c8a026f980555a286c1ed873ec3 Size: 43.52 KB (43520 bytes) Detections: 13 Type: Executable File Path: %ALLUSERSPROFILE%\NetworkPacketManitor Group: Malware file Last Updated: March 3, 2017
26.	crambo.exe	7ce53c9cc3d30ab0df7d0e0849c9a7bf	1
Name: crambo.exe MD5: 7ce53c9cc3d30ab0df7d0e0849c9a7bf Size: 2.92 MB (2927912 bytes) Detections: 1 Type: Executable File Path: %ALLUSERSPROFILE%\NetworkPacketManitor Group: Malware file Last Updated: October 1, 2016

More files

Registry Details

Snap.do may create the following registry entry or registry entries:

File name without path

Alphatax.exe

Alphatop.exe

Bam-Phase.exe

Daltla.exe

DanFix.exe

Domnimdex.exe

Doublelax.exe

Fasecore.exe

FaseSaostock.exe

Laquonix.exe

OpeZamjob.exe

SailLatsing.exe

Salttrax.exe

StrongDonlab.exe

TonRaning.exe

Trueex.exe

Unodex.exe

Viawarm.exe

Yearkeysing.exe

ZerCom.exe

ZumDubflex.exe

Zunlotlight.exe

Regexp file mask

%appdata%\agent.dat

%appdata%\giftbag.db

%appdata%\installationconfiguration.xml

%appdata%\noah.dat

%appdata%\uninstall_temp.ico

%localappdata%\agent.dat

%LOCALAPPDATA%\dongls.exe

%localappdata%\freshlab.exe

%localappdata%\funzap.exe

%localappdata%\giftbag.db

%LOCALAPPDATA%\Greenjob.[RANDOM CHARACTERS]

%localappdata%\hatcof.exe

%localappdata%\installationconfiguration.xml

%LOCALAPPDATA%\JobSilsing.exe

%localappdata%\main.dat

%localappdata%\newstatdex.exe

%localappdata%\noah.dat

%localappdata%\qvotop.exe

%localappdata%\relam.exe

%localappdata%\saoeco.exe

%LOCALAPPDATA%\sha.db

%localappdata%\sham.db

%localappdata%\silverity.exe

%localappdata%\silversanair.exe

%localappdata%\yearfix.exe

%localappdata%\zamron.exe

%userprofile%\local settings\application data\funzap.exe

%userprofile%\local settings\application data\hatcof.exe

%UserProfile%\Local Settings\Application Data\sha.db

%userprofile%\local settings\application data\yearfix.exe

%windir%\system32\config\systemprofile\appdata\local\agent.dat

%windir%\system32\config\systemprofile\appdata\local\applicationhosting.dat

%windir%\system32\config\systemprofile\appdata\local\config.xml

%windir%\system32\config\systemprofile\appdata\local\lobby.dat

%windir%\system32\config\systemprofile\appdata\local\main.dat

%windir%\system32\config\systemprofile\appdata\local\md.xml

%windir%\system32\config\systemprofile\appdata\local\noah.dat

%WINDIR%\System32\config\systemprofile\AppData\Local\sha.db

%windir%\system32\config\systemprofile\appdata\local\sham.db

%windir%\system32\config\systemprofile\appdata\local\uninstall_temp.ico

%windir%\syswow64\config\systemprofile\appdata\local\agent.dat

%windir%\syswow64\config\systemprofile\appdata\local\applicationhosting.dat

%windir%\syswow64\config\systemprofile\appdata\local\config.xml

%windir%\syswow64\config\systemprofile\appdata\local\lobby.dat

%windir%\syswow64\config\systemprofile\appdata\local\main.dat

%windir%\syswow64\config\systemprofile\appdata\local\md.xml

%WINDIR%\SysWOW64\config\systemprofile\AppData\Local\sha.db

%windir%\syswow64\config\systemprofile\appdata\local\sham.db

%windir%\syswow64\config\systemprofile\appdata\local\uninstall_temp.ico

HKEY..\..\..\..{RegistryKeys}

SOFTWARE\Microsoft\Tracing\appmallosayov_RASAPI32

SOFTWARE\Microsoft\Tracing\appmallosayov_RASMANCS

SOFTWARE\Microsoft\Tracing\AppoxinloK_RASAPI32

SOFTWARE\Microsoft\Tracing\AppoxinloK_RASMANCS

SOFTWARE\Microsoft\Tracing\AppxeetouQ_RASAPI32

SOFTWARE\Microsoft\Tracing\AppxeetouQ_RASMANCS

SOFTWARE\Microsoft\Tracing\Hotfresh_RASAPI32

SOFTWARE\Microsoft\Tracing\Hotfresh_RASMANCS

SOFTWARE\Microsoft\Tracing\Kipolam_RASAPI32

SOFTWARE\Microsoft\Tracing\Kipolam_RASMANCS

SOFTWARE\Microsoft\Tracing\Kolnixo_RASAPI32

SOFTWARE\Microsoft\Tracing\Kolnixo_RASMANCS

SOFTWARE\Microsoft\Tracing\locep_RASAPI32

SOFTWARE\Microsoft\Tracing\locep_RASMANCS

SOFTWARE\Microsoft\Tracing\mbappert_RASAPI32

SOFTWARE\Microsoft\Tracing\mbappert_RASMANCS

SOFTWARE\Microsoft\Tracing\Pangoc_RASAPI32

SOFTWARE\Microsoft\Tracing\Pangoc_RASMANCS

SOFTWARE\Microsoft\Tracing\Pluslax_RASAPI32

SOFTWARE\Microsoft\Tracing\Pluslax_RASMANCS

SOFTWARE\Microsoft\Tracing\Polygen_RASAPI32

SOFTWARE\Microsoft\Tracing\Polygen_RASMANCS

SOFTWARE\Microsoft\Tracing\snorler_RASAPI32

SOFTWARE\Microsoft\Tracing\snorler_RASMANCS

SOFTWARE\Microsoft\Tracing\Tolnix_RASAPI32

SOFTWARE\Microsoft\Tracing\Tolnix_RASMANCS

SOFTWARE\Microsoft\Tracing\Voyasollam_RASAPI32

SOFTWARE\Microsoft\Tracing\Voyasollam_RASMANCS

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\appmallosayov.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppoxinloK.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppxeetouQ.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Hotfresh.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Kipolam.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Kolnixo.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\locep.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbappert.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Pangoc.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Pitachok.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Pluslax.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Polygen.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quoteex.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snorler.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Tolnix.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Voyasollam.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\snp

SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\appmallosayov.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\AppoxinloK.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\AppxeetouQ.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Hotfresh.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Kipolam.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Kolnixo.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\locep.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\mbappert.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Pangoc.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Pluslax.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Polygen.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\snorler.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Tolnix.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Voyasollam.exe

SOFTWARE\mtappmallosayov

SOFTWARE\mtAppoxinloK

SOFTWARE\mtAppxeetouQ

SOFTWARE\mtHotfresh

Software\mtKolnixo

SOFTWARE\mtlocep

SOFTWARE\mtmbappert

SOFTWARE\mtPangoc

SOFTWARE\mtPitachok

SOFTWARE\mtPluslax

SOFTWARE\mtPolygen

SOFTWARE\mtTolnix

SOFTWARE\WOW6432Node\Microsoft\Tracing\appmallosayov_RASAPI32

SOFTWARE\WOW6432Node\Microsoft\Tracing\appmallosayov_RASMANCS

SOFTWARE\Wow6432Node\Microsoft\Tracing\AppoxinloK_RASAPI32

SOFTWARE\Wow6432Node\Microsoft\Tracing\AppoxinloK_RASMANCS

SOFTWARE\WOW6432Node\Microsoft\Tracing\AppxeetouQ_RASAPI32

SOFTWARE\WOW6432Node\Microsoft\Tracing\AppxeetouQ_RASMANCS

SOFTWARE\WOW6432Node\Microsoft\Tracing\Hotfresh_RASAPI32

SOFTWARE\WOW6432Node\Microsoft\Tracing\Hotfresh_RASMANCS

SOFTWARE\WOW6432Node\Microsoft\Tracing\Kipolam_RASAPI32

SOFTWARE\WOW6432Node\Microsoft\Tracing\Kipolam_RASMANCS

SOFTWARE\WOW6432Node\Microsoft\Tracing\Kolnixo_RASAPI32

SOFTWARE\WOW6432Node\Microsoft\Tracing\Kolnixo_RASMANCS

SOFTWARE\Wow6432Node\Microsoft\Tracing\locep_RASAPI32

SOFTWARE\Wow6432Node\Microsoft\Tracing\locep_RASMANCS

SOFTWARE\Wow6432Node\Microsoft\Tracing\mbappert_RASAPI32

SOFTWARE\Wow6432Node\Microsoft\Tracing\mbappert_RASMANCS

SOFTWARE\Wow6432Node\Microsoft\Tracing\Pangoc_RASAPI32

SOFTWARE\Wow6432Node\Microsoft\Tracing\Pangoc_RASMANCS

SOFTWARE\WOW6432Node\Microsoft\Tracing\Pitachok_RASAPI32

SOFTWARE\WOW6432Node\Microsoft\Tracing\Pitachok_RASMANCS

SOFTWARE\WOW6432Node\Microsoft\Tracing\Pluslax_RASAPI32

SOFTWARE\WOW6432Node\Microsoft\Tracing\Pluslax_RASMANCS

SOFTWARE\WOW6432Node\Microsoft\Tracing\Polygen_RASAPI32

SOFTWARE\WOW6432Node\Microsoft\Tracing\Polygen_RASMANCS

SOFTWARE\Wow6432Node\Microsoft\Tracing\snorler_RASAPI32

SOFTWARE\Wow6432Node\Microsoft\Tracing\snorler_RASMANCS

SOFTWARE\Wow6432Node\Microsoft\Tracing\Tolnix_RASAPI32

SOFTWARE\Wow6432Node\Microsoft\Tracing\Tolnix_RASMANCS

SOFTWARE\WOW6432Node\Microsoft\Tracing\Voyasollam_RASAPI32

SOFTWARE\WOW6432Node\Microsoft\Tracing\Voyasollam_RASMANCS

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\appmallosayov.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppoxinloK.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppxeetouQ.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Hotfresh.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Kipolam.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Kolnixo.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\locep.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbappert.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Pangoc.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Pitachok.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Pluslax.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Polygen.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quoteex.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snorler.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Tolnix.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Voyasollam.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\appmallosayov.exe

SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\AppoxinloK.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\AppxeetouQ.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Hotfresh.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Kipolam.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Kolnixo.exe

SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\locep.exe

SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\mbappert.exe

SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Pangoc.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Pitachok.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Pluslax.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Polygen.exe

SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\snorler.exe

SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Tolnix.exe

SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SilentProcessExit\Voyasollam.exe

SOFTWARE\Wow6432Node\mtappmallosayov

SOFTWARE\Wow6432Node\mtAppoxinloK

SOFTWARE\Wow6432Node\mtAppxeetouQ

SOFTWARE\Wow6432Node\mtHotfresh

Software\WOW6432Node\mtKolnixo

SOFTWARE\Wow6432Node\mtlocep

SOFTWARE\Wow6432Node\mtmbappert

SOFTWARE\Wow6432Node\mtPangoc

SOFTWARE\Wow6432Node\mtPitachok

SOFTWARE\Wow6432Node\mtPluslax

SOFTWARE\Wow6432Node\mtPolygen

SOFTWARE\Wow6432Node\mtTolnix

SYSTEM\ControlSet001\services\appmallosayov

SYSTEM\ControlSet001\services\AppxeetouQ

SYSTEM\ControlSet001\services\Quoteex

SYSTEM\ControlSet001\services\Voyasollam

SYSTEM\ControlSet002\services\appmallosayov

SYSTEM\ControlSet002\services\AppxeetouQ

SYSTEM\ControlSet002\services\Quoteex

SYSTEM\ControlSet002\services\Voyasollam

SYSTEM\CurrentControlSet\services\appmallosayov

SYSTEM\CurrentControlSet\services\AppxeetouQ

SYSTEM\CurrentControlSet\services\Quoteex

SYSTEM\CurrentControlSet\services\Voyasollam

Directories

Snap.do may create the following directory or directories:

%ALLUSERSPROFILE%\Anwendungsdaten\Logic Cramble

%ALLUSERSPROFILE%\Application Data\AppoxinloK

%ALLUSERSPROFILE%\Application Data\Graveairs

%ALLUSERSPROFILE%\Application Data\Zonsoft

%ALLUSERSPROFILE%\Application Data\Zonsofts

%ALLUSERSPROFILE%\Application Data\apptreppabm

%ALLUSERSPROFILE%\Application Data\apptreppabms

%ALLUSERSPROFILE%\Application Data\appxafmads

%ALLUSERSPROFILE%\Application Data\kipolam

%ALLUSERSPROFILE%\Application Data\mbappert

%ALLUSERSPROFILE%\Application Data\mbapperts

%ALLUSERSPROFILE%\Application Data\pangoc

%ALLUSERSPROFILE%\Application Data\pangocs

%ALLUSERSPROFILE%\Application Data\tolnix

%ALLUSERSPROFILE%\Application Data\tolnixs

%ALLUSERSPROFILE%\AppnegyloP

%ALLUSERSPROFILE%\AppnorriA

%ALLUSERSPROFILE%\AppnorriAs

%ALLUSERSPROFILE%\AppoxinloK

%ALLUSERSPROFILE%\AppoxinloKs

%ALLUSERSPROFILE%\ApppotriA

%ALLUSERSPROFILE%\ApppotriAs

%ALLUSERSPROFILE%\AppthgildeMs

%ALLUSERSPROFILE%\AppxelosknoK

%ALLUSERSPROFILE%\BluetoothPoint

%ALLUSERSPROFILE%\BluetoothPoints

%ALLUSERSPROFILE%\Dados de aplicativos\Logic Cramble

%ALLUSERSPROFILE%\Daltit

%ALLUSERSPROFILE%\Daltits

%ALLUSERSPROFILE%\Dane aplikacji\Logic Cramble

%ALLUSERSPROFILE%\Dati applicazioni\Logic Cramble

%ALLUSERSPROFILE%\Datos de programa\Logic Cramble

%ALLUSERSPROFILE%\Graveairs

%ALLUSERSPROFILE%\Hotfreshs

%ALLUSERSPROFILE%\Pitachoks

%ALLUSERSPROFILE%\Polygen

%ALLUSERSPROFILE%\Polygens

%ALLUSERSPROFILE%\Silsolis

%ALLUSERSPROFILE%\Silsoliss

%ALLUSERSPROFILE%\Singdaxs

%ALLUSERSPROFILE%\Trioflex

%ALLUSERSPROFILE%\Trioflexs

%ALLUSERSPROFILE%\Viaair

%ALLUSERSPROFILE%\Viaairs

%ALLUSERSPROFILE%\Zonsoft

%ALLUSERSPROFILE%\Zonsofts

%ALLUSERSPROFILE%\appcognap

%ALLUSERSPROFILE%\apppitsirt

%ALLUSERSPROFILE%\apprelrons

%ALLUSERSPROFILE%\apprelronss

%ALLUSERSPROFILE%\apptreppabm

%ALLUSERSPROFILE%\apptreppabms

%ALLUSERSPROFILE%\appxafmads

%ALLUSERSPROFILE%\appxinlot

%ALLUSERSPROFILE%\ecivreSevaS

%ALLUSERSPROFILE%\ecivreSevaSs

%ALLUSERSPROFILE%\iretadpUMGRs

%ALLUSERSPROFILE%\kipolam

%ALLUSERSPROFILE%\loceps

%ALLUSERSPROFILE%\mbappert

%ALLUSERSPROFILE%\mbapperts

%ALLUSERSPROFILE%\ohnuze

%ALLUSERSPROFILE%\ohnuzes

%ALLUSERSPROFILE%\pangoc

%ALLUSERSPROFILE%\pangocs

%ALLUSERSPROFILE%\tolnix

%ALLUSERSPROFILE%\tolnixs

%ALLUSERSPROFILE%\xifss

%COMMONPROGRAMFILES%\AlphaString

%COMMONPROGRAMFILES%\Alphafan

%COMMONPROGRAMFILES%\Alphait

%COMMONPROGRAMFILES%\Alphatone

%COMMONPROGRAMFILES%\Apsing

%COMMONPROGRAMFILES%\Betastrong

%COMMONPROGRAMFILES%\Bio-Com

%COMMONPROGRAMFILES%\Biolight

%COMMONPROGRAMFILES%\Confind

%COMMONPROGRAMFILES%\Doublelab

%COMMONPROGRAMFILES%\Ecojob

%COMMONPROGRAMFILES%\Finphase

%COMMONPROGRAMFILES%\Fixfax

%COMMONPROGRAMFILES%\Goodlex

%COMMONPROGRAMFILES%\GrooveTax

%COMMONPROGRAMFILES%\Groovecof

%COMMONPROGRAMFILES%\HatTrax

%COMMONPROGRAMFILES%\Hometough

%COMMONPROGRAMFILES%\Icetech

%COMMONPROGRAMFILES%\Inchstrong

%COMMONPROGRAMFILES%\IndigoNix

%COMMONPROGRAMFILES%\Joy-Com

%COMMONPROGRAMFILES%\Kanla

%COMMONPROGRAMFILES%\Key-Soft

%COMMONPROGRAMFILES%\KinDom

%COMMONPROGRAMFILES%\Kinin

%COMMONPROGRAMFILES%\Labzap

%COMMONPROGRAMFILES%\Lamcof

%COMMONPROGRAMFILES%\Lamity

%COMMONPROGRAMFILES%\Ontofan

%COMMONPROGRAMFILES%\OpenOvedom

%COMMONPROGRAMFILES%\OverLab

%COMMONPROGRAMFILES%\Ozercom

%COMMONPROGRAMFILES%\Physlab

%COMMONPROGRAMFILES%\Quojob

%COMMONPROGRAMFILES%\Quotelux

%COMMONPROGRAMFILES%\Qvoity

%COMMONPROGRAMFILES%\Ranfresh

%COMMONPROGRAMFILES%\Rantax

%COMMONPROGRAMFILES%\Rantip

%COMMONPROGRAMFILES%\Runtax

%COMMONPROGRAMFILES%\Soling

%COMMONPROGRAMFILES%\Stockphase

%COMMONPROGRAMFILES%\Strongtech

%COMMONPROGRAMFILES%\Strongtip

%COMMONPROGRAMFILES%\Subsoft

%COMMONPROGRAMFILES%\Tanity

%COMMONPROGRAMFILES%\Tipeco

%COMMONPROGRAMFILES%\ToughHold

%COMMONPROGRAMFILES%\Trusting

%COMMONPROGRAMFILES%\Truststring

%COMMONPROGRAMFILES%\Ventodex

%COMMONPROGRAMFILES%\Ventotone

%COMMONPROGRAMFILES%\Vilaflex

%COMMONPROGRAMFILES%\Villabam

%COMMONPROGRAMFILES%\VolCore

%COMMONPROGRAMFILES%\Voya-Strong

%COMMONPROGRAMFILES%\Zonlex

%COMMONPROGRAMFILES%\Zoomtip

%COMMONPROGRAMFILES%\Zoteco

%COMMONPROGRAMFILES%\Zuntough

%COMMONPROGRAMFILES%\biojob

%COMMONPROGRAMFILES%\dentozimeco

%COMMONPROGRAMFILES%\kanis

%COMMONPROGRAMFILES%\kay-dax

%COMMONPROGRAMFILES%\kinzuncom

%COMMONPROGRAMFILES%\vialax

%COMMONPROGRAMFILES%\zaamtom

%COMMONPROGRAMFILES%\zunfax

%COMMONPROGRAMFILES(x86)%\AlphaString

%COMMONPROGRAMFILES(x86)%\Alphafan

%COMMONPROGRAMFILES(x86)%\Alphait

%COMMONPROGRAMFILES(x86)%\Alphatone

%COMMONPROGRAMFILES(x86)%\Apsing

%COMMONPROGRAMFILES(x86)%\BigHotis

%COMMONPROGRAMFILES(x86)%\Bio-Com

%COMMONPROGRAMFILES(x86)%\Biodonkix

%COMMONPROGRAMFILES(x86)%\Biolight

%COMMONPROGRAMFILES(x86)%\Cofgohold

%COMMONPROGRAMFILES(x86)%\Confind

%COMMONPROGRAMFILES(x86)%\Donsillax

%COMMONPROGRAMFILES(x86)%\Doublelab

%COMMONPROGRAMFILES(x86)%\Ecojob

%COMMONPROGRAMFILES(x86)%\FaseQuoit

%COMMONPROGRAMFILES(x86)%\Finphase

%COMMONPROGRAMFILES(x86)%\Fix-Fan

%COMMONPROGRAMFILES(x86)%\Fixfax

%COMMONPROGRAMFILES(x86)%\FreshReddax

%COMMONPROGRAMFILES(x86)%\Freshlatlex

%COMMONPROGRAMFILES(x86)%\Goodlex

%COMMONPROGRAMFILES(x86)%\GrooveTax

%COMMONPROGRAMFILES(x86)%\Groovecof

%COMMONPROGRAMFILES(x86)%\HatTrax

%COMMONPROGRAMFILES(x86)%\Hometough

%COMMONPROGRAMFILES(x86)%\Icetech

%COMMONPROGRAMFILES(x86)%\Inchstrong

%COMMONPROGRAMFILES(x86)%\IndigoNix

%COMMONPROGRAMFILES(x86)%\Jobwarm

%COMMONPROGRAMFILES(x86)%\Joy-Com

%COMMONPROGRAMFILES(x86)%\Kanla

%COMMONPROGRAMFILES(x86)%\KinDom

%COMMONPROGRAMFILES(x86)%\Kinin

%COMMONPROGRAMFILES(x86)%\KonkDondax

%COMMONPROGRAMFILES(x86)%\Konksailnix

%COMMONPROGRAMFILES(x86)%\Labzap

%COMMONPROGRAMFILES(x86)%\Lamcof

%COMMONPROGRAMFILES(x86)%\Lamity

%COMMONPROGRAMFILES(x86)%\Math-Tax

%COMMONPROGRAMFILES(x86)%\Ontofan

%COMMONPROGRAMFILES(x86)%\OpeHotcom

%COMMONPROGRAMFILES(x86)%\OpenOvedom

%COMMONPROGRAMFILES(x86)%\OverLab

%COMMONPROGRAMFILES(x86)%\Overron

%COMMONPROGRAMFILES(x86)%\Ozercom

%COMMONPROGRAMFILES(x86)%\Physlab

%COMMONPROGRAMFILES(x86)%\Quojob

%COMMONPROGRAMFILES(x86)%\Quotelux

%COMMONPROGRAMFILES(x86)%\Qvoity

%COMMONPROGRAMFILES(x86)%\Ranfresh

%COMMONPROGRAMFILES(x86)%\Rantax

%COMMONPROGRAMFILES(x86)%\Rantip

%COMMONPROGRAMFILES(x86)%\Runtax

%COMMONPROGRAMFILES(x86)%\S-tax

%COMMONPROGRAMFILES(x86)%\Sailsaobam

%COMMONPROGRAMFILES(x86)%\Soling

%COMMONPROGRAMFILES(x86)%\Statphase

%COMMONPROGRAMFILES(x86)%\Stockphase

%COMMONPROGRAMFILES(x86)%\Strongtech

%COMMONPROGRAMFILES(x86)%\Strongtip

%COMMONPROGRAMFILES(x86)%\Subsoft

%COMMONPROGRAMFILES(x86)%\SumLax

%COMMONPROGRAMFILES(x86)%\Sunlam

%COMMONPROGRAMFILES(x86)%\Tanity

%COMMONPROGRAMFILES(x86)%\Tinfresh

%COMMONPROGRAMFILES(x86)%\Tipeco

%COMMONPROGRAMFILES(x86)%\Top-Sing

%COMMONPROGRAMFILES(x86)%\ToughHold

%COMMONPROGRAMFILES(x86)%\Tresstring

%COMMONPROGRAMFILES(x86)%\Trippletantip

%COMMONPROGRAMFILES(x86)%\Trisla

%COMMONPROGRAMFILES(x86)%\Trusting

%COMMONPROGRAMFILES(x86)%\Truststring

%COMMONPROGRAMFILES(x86)%\Vento-Zap

%COMMONPROGRAMFILES(x86)%\Ventodex

%COMMONPROGRAMFILES(x86)%\Ventotone

%COMMONPROGRAMFILES(x86)%\Ventotop

%COMMONPROGRAMFILES(x86)%\Vilaflex

%COMMONPROGRAMFILES(x86)%\Villabam

%COMMONPROGRAMFILES(x86)%\VolCore

%COMMONPROGRAMFILES(x86)%\Voya-Strong

%COMMONPROGRAMFILES(x86)%\Xxx-Ransoft

%COMMONPROGRAMFILES(x86)%\Y--Tex

%COMMONPROGRAMFILES(x86)%\Zerex

%COMMONPROGRAMFILES(x86)%\Zonlex

%COMMONPROGRAMFILES(x86)%\ZooSiltam

%COMMONPROGRAMFILES(x86)%\Zoomstock

%COMMONPROGRAMFILES(x86)%\Zoomtip

%COMMONPROGRAMFILES(x86)%\Zoteco

%COMMONPROGRAMFILES(x86)%\Zuntough

%COMMONPROGRAMFILES(x86)%\biojob

%COMMONPROGRAMFILES(x86)%\dentozimeco

%COMMONPROGRAMFILES(x86)%\fixcom

%COMMONPROGRAMFILES(x86)%\freshhome

%COMMONPROGRAMFILES(x86)%\kanis

%COMMONPROGRAMFILES(x86)%\math-plus

%COMMONPROGRAMFILES(x86)%\vialax

%COMMONPROGRAMFILES(x86)%\zaamtom

%COMMONPROGRAMFILES(x86)%\zunfax

%PROGRAMFILES%\drÅÀÌ

%PROGRAMFILES%\eakzaihjajkuc

%PROGRAMFILES%\eauknrbnwrpu2

%PROGRAMFILES%\owdbzuqlndefnbhfezr

%PROGRAMFILES%\patience

%PROGRAMFILES%\rfwjmjnpstqu2

%PROGRAMFILES(x86)%\eakzaihjajkuc

%PROGRAMFILES(x86)%\eauknrbnwrpu2

%PROGRAMFILES(x86)%\owdbzuqlndefnbhfezr

%PROGRAMFILES(x86)%\patience

%PROGRAMFILES(x86)%\rfwjmjnpstqu2

%TEMP%\eakzaihjajkuc

%TEMP%\eauknrbnwrpu2

%TEMP%\owdbzuqlndefnbhfezr

%TEMP%\rfwjmjnpstqu2

Cookies

The following cookies may be associated with Snap.do:

feed.snap.do

URLs

Snap.do may call the following URLs:

anysearchmanager.com

feed.24-stream.com

feed.amazingtab.com

feed.any-templates.com

feed.cryptoverto.com

feed.ebooks-club.com

feed.free-converterz.com

feed.funkystreams.com

feed.game-jungle.com

feed.getlive.news

feed.giph-it.com

feed.live-streaming.online

feed.runspeedcheck.com

feed.salahweb.com

feed.sound-hd.com

feed.streamingworldcup.com

moviebox-online.com

pixel.pxcollect.com

protected-search.com

searchfrit.com

videoconverterz.com

Analysis Report

General information

Family Name:	Snap.do
Signature status:	No Signature

Known Samples

MD5: 17d9801dce7b2dc7c46fdd26acc0ba2c

SHA1: 8545820d072de65afcc10387b4c332f1e97a9f94

File Size: 1.90 MB, 1895383 bytes

MD5: 5255c259aea306dc85d02632088eb2f6

SHA1: 968991d2fae12d9590273f73a34ac27a9ce897d3

SHA256: 388CC75558DCD9EA17F7E5375D1B8210C459AB80FBA52858298C15E4CD983A90

File Size: 1.09 MB, 1085448 bytes

MD5: 50537fe7850cc6bc1543831aaaefcd8b

SHA1: 555f9c5f06cfda575a47c4823d34ff7d64e41c69

SHA256: 5CE4D65B4516C87D3570409A9A5653AC5082332A9BEC0E57656B34DDCDE01598

File Size: 1.78 MB, 1784582 bytes

MD5: 08564401d98ca3aef076f5bcff6fd92b

SHA1: 87491142ca85ee8c43697811d714a45b4feaf8f3

SHA256: 94344C9883EC50E7EFB8F4A659E7DF27EB45D29ECD77E966965904C2C1E9BA78

File Size: 46.08 KB, 46080 bytes

MD5: 5b9a59e587e521a340a0f67fc8cf9c42

SHA1: 178941db8e34e3796d6f614c4734e8d50eac0f81

SHA256: FC4D59C280A1600138EA6751200C41409FAA9743F56DDB2DA426DC03741094F4

File Size: 28.67 KB, 28672 bytes

MD5: 0a310c5fe82ee582182b13670904f3db

SHA1: 6cfdcfde9260096f676d0f291855f0ef4a4b69cd

SHA256: 9DC6F63F89D57DFB55CBDB0961141A16C79AD81191B6FE5F16DD8FC06D812752

File Size: 143.36 KB, 143360 bytes

MD5: be818539582ce5a7e1cb02131337c86c

SHA1: 0866adf752e61a32111a3b5873a353b455faaa91

SHA256: 807B1D5B01F4A00A6042B7FCC65166878A664D4217B6F20334403BF6E6FA7A32

File Size: 1.90 MB, 1895380 bytes

MD5: 3bf1f473ad29a813a7ee57758227399b

SHA1: 5027a9f4856a37a2be048ca2e993dd0e9cf3a3e8

SHA256: 908BF77A1649EF5B6D392A085BD390109DE634BBDDBC32735B376EF312EAC23F

File Size: 278.51 KB, 278509 bytes

MD5: 930ac080f1d1a9c28206693393ac14c8

SHA1: 58bf542fda7b4ceb31a4380c5af4f4581fe7c40e

SHA256: 8A01C22729651C8A690242ADBEB20BF4FEB88F94F16B072EA9971867404CB0EE

File Size: 278.51 KB, 278511 bytes

MD5: 3823bd64dc7bab0fbbbdee49126ac939

SHA1: 786ada42d0f88ac5be1ce5667be4cc13283289ec

SHA256: 1F70AAD5E8FF7B0C70E97370A11F214AE1291A1503EEA8FD16485D587F938844

File Size: 278.52 KB, 278518 bytes

MD5: eb3102f5aa56414121b5b606c6b96bbf

SHA1: d9226e505ea4dd21a3fbcf843280489c1f04cf64

SHA256: 81C963787897B391D38520C9C70CDCCE6E6888E20071EB918354D8A81055026D

File Size: 1.90 MB, 1895383 bytes

MD5: 5179732733e1692e6dd203798a9209ff

SHA1: fbf87847dc4e35b728b05038fe9454e6e0de4053

SHA256: 3652266AE06A904C64131AC62246DE3BC1418D248C180BAFFF9BA384F5E4E894

File Size: 352.86 KB, 352855 bytes

MD5: a4406a102105a87d3fa1a7cf0afe8521

SHA1: c5a253b7c27b1f02910cc4977659a25fc6d73330

SHA256: C024E8A4FBA1F6890D1C4B56EAC302644377949FD18D232BEA603312AA862011

File Size: 350.54 KB, 350544 bytes

MD5: 67473d7d1837c6f36b4c234dd418ea1c

SHA1: 6a84ee99b5ebc4d9d13c1b92ff453b4af97964c4

SHA256: 0C5F77732629EB72073D852906AB55809FF3C5BC405AD8E3A9B9629E1DCCFA14

File Size: 1.90 MB, 1895382 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has exports table
File is .NET application
File is 32-bit executable
File is 64-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)

File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Assembly Version	1.0.0.0 0.8.0.0
Comments	Shopping Helper Smartbar
File Description	Shopping Helper Smartbar Smartbar.Resources.LanguageSettings TrotiNet
File Version	1.0.0.0 0.8.0.0
Internal Name	Smartbar.Resources.LanguageSettings.resources.dll SmartbarInternetExplorerBHO.dll TrotiNet.dll
Legal Copyright	Copyright © 2012 Copyright © TrotiNet Team 2011-2013
Original Filename	Smartbar.Resources.LanguageSettings.resources.dll SmartbarInternetExplorerBHO.dll TrotiNet.dll
Product Name	Shopping Helper Smartbar Smartbar.Resources.LanguageSettings TrotiNet
Product Version	1.0.0.0 0.8.0.0

Digital Signatures

Signer	Root	Status
MY POP SHOP LTD	UTN-USERFirst-Object	Root Not Trusted
ReSoft LTD.	UTN-USERFirst-Object	Hash Mismatch

File Traits

.NET
Acronis Installer
dll
HighEntropy
Installer Manifest
No Version Info
RAR (In Overlay)
RARinO
WinRAR SFX
WinZip SFX

WRARSFX
x64
x86
ZIP (In Overlay)
ZIPinO

Files Modified

File	Attributes
c:\programdata\logic cramble\set.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\logic cramble\set.exe.config	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\logic cramble\system.data.sqlite.dll	Generic Write,Read Attributes
c:\programdata\logic cramble\system.data.sqlite.linq.dll	Generic Write,Read Attributes
c:\programdata\logic cramble\system.data.sqlite.xml	Generic Write,Read Attributes
c:\programdata\logic cramble\x64\sqlite.interop.dll	Generic Write,Read Attributes
c:\programdata\logic cramble\x86\sqlite.interop.dll	Generic Write,Read Attributes
c:\programdata\networkpacketmanitor	Synchronize,Write Attributes
c:\programdata\networkpacketmanitor\__tmp_rar_sfx_access_check_13199750	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\networkpacketmanitor\nettrans.exe	Generic Write,Read Attributes

c:\programdata\networkpacketmanitor\nettrans.exe	Synchronize,Write Attributes
c:\programdata\networkpacketmanitor\nettrans.exe.config	Generic Write,Read Attributes
c:\programdata\networkpacketmanitor\nettrans.exe.config	Synchronize,Write Attributes
c:\programdata\prefssecure	Synchronize,Write Attributes
c:\programdata\prefssecure\__tmp_rar_sfx_access_check_153473046	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\prefssecure\__tmp_rar_sfx_access_check_928656	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\prefssecure\nettrans.exe	Generic Write,Read Attributes
c:\programdata\prefssecure\nettrans.exe	Synchronize,Write Attributes
c:\programdata\prefssecure\nettrans.exe.config	Generic Write,Read Attributes
c:\programdata\prefssecure\nettrans.exe.config	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_2145625	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_2146234	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_22828	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_2926062	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_3318750	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_443312	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\logichandler.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\logichandler.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\logichandler.exe.config	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\logichandler.exe.config	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\system.data.sqlite.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\system.data.sqlite.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\system.data.sqlite.linq.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\system.data.sqlite.linq.dll	Synchronize,Write Attributes

Registry Modifications

Key::Value	Data	API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	얈딡Ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey

HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ꋨ娪䴞ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	됫菒屑ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	驘叶橘ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	튵㿈茝ǜ	RegNtPreCreateKey
HKCU\local settings\muicache\1b\52c64b7e::@c:\windows\system32\ndfapi.dll,-40001	Windows Network Diagnostics	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe		RegNtPreCreateKey

Windows API Usage

Category	API
Anti Debug	IsDebuggerPresent NtQuerySystemInformation
User Data Access	GetComputerNameEx GetUserDefaultLocaleName GetUserObjectInformation
Keyboard Access	GetKeyState
Process Shell Execute	CreateProcess ShellExecuteEx WriteConsole
Service Control	OpenSCManager
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAddAtomEx ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile Show More ntdll.dll!NtCreateMutant ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtMapViewOfSection ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDebugFilterState ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForSingleObject ntdll.dll!NtWaitForWorkViaWorkerFactory ntdll.dll!NtWaitLowEventPair ntdll.dll!NtWorkerFactoryWorkerReady ntdll.dll!NtWriteFile ntdll.dll!NtWriteVirtualMemory UNKNOWN win32u.dll!NtGdiAnyLinkedFonts win32u.dll!NtGdiBitBlt win32u.dll!NtGdiCreateBitmap win32u.dll!NtGdiCreateCompatibleBitmap win32u.dll!NtGdiCreateCompatibleDC win32u.dll!NtGdiCreateDIBitmapInternal win32u.dll!NtGdiCreateRectRgn win32u.dll!NtGdiCreateSolidBrush win32u.dll!NtGdiDeleteObjectApp win32u.dll!NtGdiDoPalette win32u.dll!NtGdiDrawStream win32u.dll!NtGdiExtGetObjectW win32u.dll!NtGdiExtTextOutW win32u.dll!NtGdiFontIsLinked win32u.dll!NtGdiGetCharABCWidthsW win32u.dll!NtGdiGetDCDword win32u.dll!NtGdiGetDCforBitmap win32u.dll!NtGdiGetDCObject win32u.dll!NtGdiGetDeviceCaps win32u.dll!NtGdiGetDIBitsInternal win32u.dll!NtGdiGetEntry win32u.dll!NtGdiGetFontData win32u.dll!NtGdiGetGlyphIndicesW win32u.dll!NtGdiGetOutlineTextMetricsInternalW win32u.dll!NtGdiGetRandomRgn win32u.dll!NtGdiGetRealizationInfo win32u.dll!NtGdiGetTextFaceW win32u.dll!NtGdiGetTextMetricsW win32u.dll!NtGdiGetWidthTable win32u.dll!NtGdiHfontCreate win32u.dll!NtGdiIntersectClipRect win32u.dll!NtGdiQueryFontAssocInfo win32u.dll!NtGdiRestoreDC win32u.dll!NtGdiSaveDC 68 additional items are not displayed above.
Process Terminate	TerminateProcess
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory

Shell Command Execution


							(NULL) C:\Users\Dexqkvmh\AppData\Local\Temp\RarSFX0\LogicHandler.exe "c:\users\user\downloads\8545820d072de65afcc10387b4c332f1e97a9f94_0001895383.exe"


							"C:\Users\Dexqkvmh\AppData\Local\Temp\RarSFX0\LogicHandler.exe"


							"cmd.exe" /c sc create "backlh" binPath= "C:\ProgramData\Logic Cramble\set.exe" DisplayName= "Background Logic Handler" start= "auto"


							C:\WINDOWS\system32\sc.exe sc  create "backlh" binPath= "C:\ProgramData\Logic Cramble\set.exe" DisplayName= "Background Logic Handler" start= "auto"


							WriteConsole: [SC] CreateServi


									C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\178941db8e34e3796d6f614c4734e8d50eac0f81_0000028672.,LiQMAxHB


									(NULL) C:\Users\Suuzwzuw\AppData\Local\Temp\RarSFX0\LogicHandler.exe "c:\users\user\downloads\0866adf752e61a32111a3b5873a353b455faaa91_0001895380"


									"C:\Users\Suuzwzuw\AppData\Local\Temp\RarSFX0\LogicHandler.exe"


									WriteConsole: [SC] ChangeServi


									(NULL) C:\ProgramData\PrefsSecure\Nettrans.exe create Nettrans binPath= "C:\ProgramData\PrefsSecure\Nettrans.exe "c:\users\user\downloads\5027a9f4856a37a2be048ca2e993dd0e9cf3a3e8_0000278509"" DisplayName= "Prefs Secure" start= auto


									"cmd.exe" /c C:\WINDOWS\system32\sc.exe create Nettrans binPath= "C:\ProgramData\PrefsSecure\Nettrans.exe c:\users\user\downloads\5027a9f4856a37a2be048ca2e993dd0e9cf3a3e8_0000278509" DisplayName= "Prefs Secure" start= auto


									C:\WINDOWS\system32\sc.exe C:\WINDOWS\system32\sc.exe  create Nettrans binPath= "C:\ProgramData\PrefsSecure\Nettrans.exe c:\users\user\downloads\5027a9f4856a37a2be048ca2e993dd0e9cf3a3e8_0000278509" DisplayName= "Prefs Secure" start= auto


									(NULL) C:\ProgramData\PrefsSecure\Nettrans.exe create Nettrans binPath= "C:\ProgramData\PrefsSecure\Nettrans.exe "c:\users\user\downloads\58bf542fda7b4ceb31a4380c5af4f4581fe7c40e_0000278511"" DisplayName= "Prefs Secure" start= auto


									"cmd.exe" /c C:\WINDOWS\system32\sc.exe create Nettrans binPath= "C:\ProgramData\PrefsSecure\Nettrans.exe c:\users\user\downloads\58bf542fda7b4ceb31a4380c5af4f4581fe7c40e_0000278511" DisplayName= "Prefs Secure" start= auto


									C:\WINDOWS\system32\sc.exe C:\WINDOWS\system32\sc.exe  create Nettrans binPath= "C:\ProgramData\PrefsSecure\Nettrans.exe c:\users\user\downloads\58bf542fda7b4ceb31a4380c5af4f4581fe7c40e_0000278511" DisplayName= "Prefs Secure" start= auto


									(NULL) C:\ProgramData\NetworkPacketManitor\Nettrans.exe create Nettrans binPath= "C:\ProgramData\NetworkPacketManitor\Nettrans.exe "c:\users\user\downloads\786ada42d0f88ac5be1ce5667be4cc13283289ec_0000278518"" DisplayName= "Network Packet Manitor" start= auto


									"cmd.exe" /c C:\WINDOWS\system32\sc.exe create Nettrans binPath= "C:\ProgramData\NetworkPacketManitor\Nettrans.exe c:\users\user\downloads\786ada42d0f88ac5be1ce5667be4cc13283289ec_0000278518" DisplayName= "Network Packet Manitor" start= auto


									C:\WINDOWS\system32\sc.exe C:\WINDOWS\system32\sc.exe  create Nettrans binPath= "C:\ProgramData\NetworkPacketManitor\Nettrans.exe c:\users\user\downloads\786ada42d0f88ac5be1ce5667be4cc13283289ec_0000278518" DisplayName= "Network Packet Manitor" start= auto


									(NULL) C:\Users\Bfviuslq\AppData\Local\Temp\RarSFX0\LogicHandler.exe "c:\users\user\downloads\d9226e505ea4dd21a3fbcf843280489c1f04cf64_0001895383"


									"C:\Users\Bfviuslq\AppData\Local\Temp\RarSFX0\LogicHandler.exe"


									(NULL) C:\Users\Mdlgqdel\AppData\Local\Temp\RarSFX0\LogicHandler.exe "c:\users\user\downloads\6a84ee99b5ebc4d9d13c1b92ff453b4af97964c4_0001895382"


									"C:\Users\Mdlgqdel\AppData\Local\Temp\RarSFX0\LogicHandler.exe"

2 Comments

Douglas Wright 11 years ago Reply

I searched n searched the web for a way to remove snapdo from my computer after not being able to find it in my list of programs in the control panel and resetting my browser setting, i finally recognized the icon in my programs x86 it may come up as PRODUCTUI go in that folder and select uninstall.exe. it is now removed as of 2 mins ago.

rizwana minhaj 10 years ago Reply

i searched and searched the web to remove snapdo virus from my computer

Snap.do

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

SpyHunter Detects & Remove Snap.do

File System Details

Registry Details

Directories

Cookies

URLs

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

2 Comments

Submit Comment

Related Posts

Trending

Most Viewed