» alnaddytoolbarsrv.exe
Overview
Analysis
File Details
Programs (1)

alnaddytoolbarsrv.exe

Montera Technologeis LTD

This is part of the Montera web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application alnaddytoolbarsrv.exe by Montera Technologeis has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Alnaddy.com toolbar on IE and Chrome by Conduit Ltd. which is a potentially unwanted software program.

File name:

Publisher:

Montera Technologeis LTD (signed and verified)

MD5:

960865804a8e18529dc5fb60483c1531

SHA-1:

3e506a07af863205352cd78c9336a01aa8ec5ff3

SHA-256:

ff57d4401bf54c66e0f5d829de748ab81993a7ecf28102b408c74b15bb649e32

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/18/2024 10:01:45 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Montiera.Montera (M)

16.2.11.0

File size:

361.6 KB (370,280 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\alnaddy.com\alnaddytoolbar\1.6.9.5\alnaddytoolbarsrv.exe

Digital Signature

Signed by:

Montera Technologeis LTD

Authority:

COMODO CA Limited

Valid from:

5/28/2012 4:00:00 AM

Valid to:

5/29/2013 3:59:59 AM

Subject:

CN=Montera Technologeis LTD, O=Montera Technologeis LTD, STREET="18, Amammi st", L=Even Yehuda, S=Hasharon, PostalCode=40500, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

361B49E5431DD304CA32589D28E4DD3C

File PE Metadata

Compilation timestamp:

8/21/2012 4:30:24 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:rrlxnOISDIpMk1Ze/wl7O6X/nIii9aZWVKcnEW/lPh0VNzr:PlFNSDIpM+Zeol7O6vnIii9aZkpnEgP+

Entry address:

0x28C07

Entry point:

E8, F6, 85, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, 57, FF, 75, 10, 8D, 4D, F0, E8, 98, E2, FF, FF, 8B, 7D, 08, 85, FF, 75, 27, E8, 0A, 0F, 00, 00, C7, 00, 16, 00, 00, 00, E8, 2D, 12, 00, 00, 80, 7D, FC, 00, 74, 07, 8B, 45, F8, 83, 60, 70, FD, B8, FF, FF, FF, 7F, E9, A5, 00, 00, 00, 56, 8B, 75, 0C, 85, F6, 75, 24, E8, DB, 0E, 00, 00, C7, 00, 16, 00, 00, 00, E8, FE, 11, 00, 00, 80, 7D, FC, 00, 74, 07, 8B, 45, F8, 83, 60, 70, FD, B8, FF, FF, FF, 7F, EB, 78, 53, 8B, 5D, F4, 83, 7B, 08, 00... 
[+]

Entropy:

6.3329

Code size:

250 KB (256,000 bytes)

The file alnaddytoolbarsrv.exe has been discovered within the following program.

Alnaddy.com toolbar on IE and Chrome by Conduit Ltd.

This is a Conduit toolbar installed in the user's Web browsers (IE, Chrome and Firefox) that collects and stores information about your web browsing habits and sends this information to Conduit so they can suggest services or provide ads via the toolbar.

www.ourtoolbar.com

61% remove it

Remove alnaddytoolbarsrv.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.