SaltarSmart

Category: Adware and PUAs
Type: Adware
Protection available since: 13 Sep 2013 20:07:06 (GMT)
Last Updated: 27 Sep 2013 19:03:15 (GMT)


Examples of SaltarSmart include:

Example 1

File Information

Size: 172K
SHA-1: b172d4e792b9a8e63c8c37fbbb5e94a15c0c62e8
MD5: 98da4f23d4412fda3b08f7cf78ef1dc2
CRC-32: 58aae44b
File type: Windows executable
First seen: 2013-08-23

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\nsr3.tmp\UserInfo.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsr3.tmp\nsJSON.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsr3.tmp\System.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsr3.tmp\NSISEncrypt.dll
    Size: 69K
    SHA-1: af1a622817f25eee02c4fbbf277ed2e7062d2c2c
    MD5: 0d2bc32c25179373a96127b74b68c204
    CRC-32: 865c805f
    File type: Windows executable
    First seen: 2013-08-18
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Size: 216
    SHA-1: d2525246251553bad3affb7f42b20b017cb65e23
    MD5: fcf7aa827a087bb40afffbf576b8c046
    CRC-32: 2ab68ee2
    File type: Unspecified binary - probably data
    First seen: 2013-09-13
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\Content\62B5AF9BE9ADC1085C3C56EC07A82BF6
    Size: 107K
    SHA-1: ca73801b86a44dc7ba81f5b2206c187744686e60
    MD5: 34e558b16f509ef91620801fd44c40f9
    CRC-32: 100a4bb6
    File type: Encoded certificate
    First seen: 2013-09-13
  • C:\Program Files\SaltarSmart\SaltarSmart.Common.dll
    Size: 14K
    SHA-1: 620b03381b28d20ee9da7f12c1ad0de35416abcf
    MD5: 9146f52555aa0892e0aad6b6d08f7ed6
    CRC-32: df15173e
    File type: Windows executable
    First seen: 2013-08-23
  • c:\Documents and Settings\test user\Local Settings\Temp\nsr3.tmp\CRCCheck.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\nsr3.tmp\inetc.dll
  • C:\Program Files\SaltarSmart\Microsoft.Win32.TaskScheduler.dll
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Size: 52K
    SHA-1: 3cae38ab276501f2998191c71f1a91eeaf1d44c6
    MD5: c63adfc2feeb9a8816f2b38c118b4746
    CRC-32: 18923abd
    File type: Microsoft CAB archive
    First seen: 2013-07-18
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F
  • c:\Documents and Settings\test user\Local Settings\Temp\nsr3.tmp\IpConfig.dll
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F
    Size: 100
    SHA-1: be4b945501517ca114e394fee38a863dd27e5ed1
    MD5: 6bdcbae1aef60931b95404f0656a54ff
    CRC-32: d72007b5
    File type: Unspecified binary - probably data
    First seen: 2013-09-13
  • C:\Program Files\SaltarSmart\updateSaltarSmart.InstallState
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\MetaData\62B5AF9BE9ADC1085C3C56EC07A82BF6
    Size: 124
    SHA-1: 81e26a78bff8de37ec39ce09589af6fe95d389bf
    MD5: ad5845c3a0aeb12add6e3ba272b61a7b
    CRC-32: a4e5466d
    File type: Unspecified binary - probably data
    First seen: 2013-09-13
  • C:\Program Files\SaltarSmart\SaltarSmart.ico
    Size: 1.2K
    SHA-1: b8c1907fbe833169e4f03a4ca6c58e95b6ab9b4c
    MD5: d1a022ba535c4e4ef6277df0b00d80b3
    CRC-32: f3d4dd14
    File type: Unspecified binary - probably data
    First seen: 2013-08-23
  • c:\Documents and Settings\test user\Local Settings\Temp\SaltarSmart\SaltarSmart_Setup.exe
    Size: 770K
    SHA-1: f80b3f6aac05385817b7f229db180e6ec7b1a609
    MD5: 24cd99110561b3e6d195027d25547f04
    CRC-32: 667b4e5f
    File type: Windows executable
    First seen: 2013-08-30
  • c:\Documents and Settings\test user\Local Settings\Temp\nsr3.tmp\version.dll
  • C:\Program Files\SaltarSmart\updateSaltarSmart.exe
    Size: 202K
    SHA-1: 12b0a2dbbae48d61143ae8ae7409142d44c6708e
    MD5: 59d0e2c3acedb54adfc5917d230ee225
    CRC-32: 1bbd5e68
    File type: Windows executable
    First seen: 2013-08-23
  • C:\Program Files\SaltarSmart\SaltarSmartUninstall.exe
    Size: 208K
    SHA-1: 75692c70edd596b94f3a8446a5a5025bc7d71be0
    MD5: c84649898b0c418a84b7bd52d8943f63
    CRC-32: 60e64d4c
    File type: Windows executable
    First seen: 2013-08-30
Modified Files
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
Registry Keys Created
  • HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    (Default)
    F18A7F44-36BF-4608-A5B6-3CE2DBF88471
  • HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
    Blob
  • HKLM\SYSTEM\CurrentControlSet\Services\Update SaltarSmart\Enum
    NextInstance
    0x00000001
  • HKLM\SYSTEM\CurrentControlSet\Services\Update SaltarSmart
    FailureActions
  • HKLM\SYSTEM\CurrentControlSet\Services\Update SaltarSmart\Security
    Security
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaltarSmart
    EstimatedSize
    0x000000ca
  • HKCU\Software\SaltarSmart
    id
    2013-09-13 14:04:51
  • HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
    id
    9
Registry Keys Modified
  • HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    AppData
    C:\Documents and Settings\LocalService\Application Data
  • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    AppData
    C:\Documents and Settings\LocalService\Application Data
Processes Created
  • c:\docume~1\support\locals~1\temp\saltarsmart\saltarsmart_setup.exe
  • c:\program files\saltarsmart\updatesaltarsmart.exe
HTTP Requests
  • http://172.16.0.2/wpad.dat
  • http://crl.verisign.com/pca3-g5.crl
  • http://csc3-2010-crl.verisign.com/CSC3-2010.crl
  • http://install.saltarsmart.biz/ii
  • http://install.saltarsmart.biz/is
  • http://install.saltarsmart.biz/mg
  • http://wpc.0952.edgecastcdn.net/800952/bdb44067-0d97-4ba9-98fa-ab1ece201a89-install/setup.exe
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5.crt
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
DNS Requests
  • crl.verisign.com
  • csc3-2010-crl.verisign.com
  • install.saltarsmart.biz
  • wpad
  • wpc.0952.edgecastcdn.net
  • www.download.windowsupdate.com

Example 2

File Information

Size: 157K
SHA-1: 204a4fb2120e62c7d8db9e438789593c9836990d
MD5: a92043c0ae767421673c1bc87303f77b
CRC-32: 03421061
File type: PK ZIP archive
First seen: 2013-09-13

Example 3

File Information

Size: 202K
SHA-1: 12b0a2dbbae48d61143ae8ae7409142d44c6708e
MD5: 59d0e2c3acedb54adfc5917d230ee225
CRC-32: 1bbd5e68
File type: Windows executable
First seen: 2013-08-23

Runtime Analysis

Dropped Files
  • C:\Microsoft.Win32.TaskScheduler.dll
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F
    Size: 100
    SHA-1: 80a5ce7465357bfce12794ec167712f5ba529587
    MD5: 96851a4c3fa638f23a8842f7c108a2dc
    CRC-32: 11d09b83
    File type: Unspecified binary - probably data
    First seen: 2013-09-27
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Size: 52K
    SHA-1: 3cae38ab276501f2998191c71f1a91eeaf1d44c6
    MD5: c63adfc2feeb9a8816f2b38c118b4746
    CRC-32: 18923abd
    File type: Microsoft CAB archive
    First seen: 2013-07-18
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\Content\62B5AF9BE9ADC1085C3C56EC07A82BF6
    Size: 108K
    SHA-1: 46db16fada99a5798661e453eb5a7abb34315fbd
    MD5: df456aef879d13cd8618a1cc86ec2f18
    CRC-32: e1e2f4ad
    File type: Encoded certificate
    First seen: 2013-09-27
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\MetaData\62B5AF9BE9ADC1085C3C56EC07A82BF6
    Size: 124
    SHA-1: a4b6f35de5ce1aacc9444625e8ece6ce33859e51
    MD5: fcc5cc6efef1d3e7c7e83b098551e19b
    CRC-32: b4e29e74
    File type: Unspecified binary - probably data
    First seen: 2013-09-27
  • C:\SaltarSmart.Common.dll
    Size: 14K
    SHA-1: 620b03381b28d20ee9da7f12c1ad0de35416abcf
    MD5: 9146f52555aa0892e0aad6b6d08f7ed6
    CRC-32: df15173e
    File type: Windows executable
    First seen: 2013-08-23
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F
  • c:\Documents and Settings\test user\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Size: 216
    SHA-1: 8f6085c3e26bf7e6c49e57d6d481d9f8395780fa
    MD5: 210db243d60cb657d0e987b8317a2dc5
    CRC-32: 2792d97d
    File type: Unspecified binary - probably data
    First seen: 2013-09-27
Modified Files
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004
  • %PROFILE%\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
    Blob
HTTP Requests
  • http://crl.verisign.com/pca3-g5.crl
  • http://csc3-2010-crl.verisign.com/CSC3-2010.crl
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5.crt
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
DNS Requests
  • crl.verisign.com
  • csc3-2010-crl.verisign.com
  • www.download.windowsupdate.com
