addentool.dll

stimpack

The module addentool.dll by stimpack has been detected as a potentially unwanted program by 21 anti-malware scanners. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘addentool Helper’.
Publisher:
stimpack  (signed and verified)

Version:
1.1.0.5

MD5:
d7670beb8ba26e4211b9835b3e5bc35c

SHA-1:
ab501a97518dfb47c5b2d04798b3d2f04ef60528

Scanner detections:
21 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 10:39:43 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | PUP/Win32.Addendum | 16.06.14 |
| Avira AntiVirus | Adware/Addendum.B | 7.11.150.188 |
| AVG | Skodna.Generic | 2017.0.2713 |
| Baidu Antivirus | AdWare.Win32.Kraddare | 4.0.3.16614 |
| Bitdefender | Gen:Variant.Adware.Graftor.Elzob.18095 | 1.0.20.830 |
| Clam AntiVirus | Win.Adware.Graftor-83 | 0.98/213 |
| Comodo Security | UnclassifiedMalware | 18306 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Graftor.Elzob.18095 | 8.16.06.14.07 |
| ESET NOD32 | Win32/Adware.Kraddare.AR (variant) | 10.9827 |
| Fortinet FortiGate | Riskware/Kraddare | 6/14/2016 |
| F-Secure | Gen:Variant.Adware.Graftor.Elzob.18095 | 11.2016-14-06_3 |
| G Data | Gen:Variant.Adware.Graftor.Elzob.18095 | 16.6.24 |
| IKARUS anti.virus | AdWare.Addendum | t3scan.1.6.1.0 |
| Malwarebytes | Adware.Addendum.K | v2016.06.14.07 |
| McAfee | Artemis!D7670BEB8BA2 | 5600.6369 |
| MicroWorld eScan | Gen:Variant.Adware.Graftor.Elzob.18095 | 17.0.0.498 |
| Panda Antivirus | Trj/CI.A | 16.06.14.07 |
| Qihoo 360 Security | Win32/Trojan.Adware.7d7 | 1.0.0.1015 |
| Sophos | Generic PUA KL | 4.98 |
| Trend Micro House Call | TROJ_GEN.F47V0329 | 7.2.166 |
| VIPRE Antivirus | Trojan.Win32.Generic | 29442 |

File size:
195.1 KB (199,744 bytes)

Product version:
1.1.0.5

Original file name:
addentool.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\addentool\addentool.dll

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
10/12/2011 9:00:00 AM

Valid to:
10/12/2012 8:59:59 AM

Subject:
CN=stimpack, O=stimpack, L=Gangnam-gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
48B9C4BD9AE7ED7029E78BFD796E0CC2

Registration
CLSIDs:
{25AC3AD7-6C7F-49F9-B38D-25FE4A53F595}, {BC68E426-72B1-4C4C-9910-D802FF47616D}

ProgID:
addentoolside.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
5/6/2011 10:55:21 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:G+s22J79LsB6EOcglK1NSmE/JR/dYcUAMkhHZ870F1I:G+vA7M6MglKPEL/dYvAx2I

Entry address:
0x14D18

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, EB, 63, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, 8D, 42, FF, 5B, C3, 8D, A4, 24, 00, 00, 00, 00, 8D, 64, 24, 00, 33, C0, 8A, 44, 24, 08, 53, 8B, D8, C1, E0, 08, 8B, 54, 24, 08, F7, C2, 03, 00, 00, 00, 74, 15, 8A, 0A, 83, C2, 01, 3A, CB, 74, CF, 84, C9, 74, 51, F7, C2, 03, 00, 00, 00, 75, EB, 0B, D8, 57, 8B, C3, C1, E3, 10, 56, 0B, D8, 8B, 0A, BF, FF, FE, FE, 7E, 8B, C1, 8B, F7, 33, CB, 03, F0, 03...
 

Entropy:
6.3992

Code size:
125.5 KB (128,512 bytes)

Internet Explorer BHO
Display name:
addentool Helper

CLSID:
{BC68E426-72B1-4C4C-9910-D802FF47616D}

CLSID name:
addentool Class

