» alnaddytoolbarapp.dll
Overview
Analysis
File Details
Programs (1)

alnaddytoolbarapp.dll

Alnaddy Toolbar

Montera Technologeis LTD

This is part of the Montera web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The module alnaddytoolbarapp.dll by Montera Technologeis has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Alnaddy.com toolbar on IE and Chrome by Conduit Ltd. which is a potentially unwanted software program.

File name:

Publisher:

Alnaddy.com (signed by Montera Technologeis LTD)

Product:

Alnaddy Toolbar

Version:

1.6.9.0

MD5:

6309d43d6bf9db18e33971b7abf346c1

SHA-1:

b6e12250d51722dc0766d6e4f982859c01ab6881

SHA-256:

7ac0cf4672138a9a9f931102caca2a6fa7fa3e287af6104ab596a1902c7c7865

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/24/2024 7:01:34 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Montiera.Montera.Toolbar (M)

16.2.11.0

File size:

356.1 KB (364,648 bytes)

Product version:

1.6.9.0

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\Program Files\alnaddy.com\alnaddytoolbar\1.6.9.5\alnaddytoolbarapp.dll

Digital Signature

Signed by:

Montera Technologeis LTD

Authority:

COMODO CA Limited

Valid from:

5/28/2012 4:00:00 AM

Valid to:

5/29/2013 3:59:59 AM

Subject:

CN=Montera Technologeis LTD, O=Montera Technologeis LTD, STREET="18, Amammi st", L=Even Yehuda, S=Hasharon, PostalCode=40500, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

361B49E5431DD304CA32589D28E4DD3C

File PE Metadata

Compilation timestamp:

8/21/2012 4:29:48 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:dz8oIQnz8H62m7eZVM/aCXGPFcy3RmwugsO2dzTbPZVUK09cYW1D:pDIQnzu6n7yyiCXG9cy3mgsO2VZuO9

Entry address:

0x265D7

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, C7, 66, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, A0, DE, 04, 10, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, E3, 5C, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29... 
[+]

Entropy:

6.3844

Code size:

228 KB (233,472 bytes)

The file alnaddytoolbarapp.dll has been discovered within the following program.

Alnaddy.com toolbar on IE and Chrome by Conduit Ltd.

This is a Conduit toolbar installed in the user's Web browsers (IE, Chrome and Firefox) that collects and stores information about your web browsing habits and sends this information to Conduit so they can suggest services or provide ads via the toolbar.

www.ourtoolbar.com

61% remove it

Remove alnaddytoolbarapp.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.