home

CertifiedToolbar7art.DLL

Simplytech Toolbar

Simply Tech Ltd

One Floor App (Simply Tech/Widdit) distributes and bundles potentially unwanted programs (PUPs) using its OneFloorApp install manager (SimplyInstaller). The module CertifiedToolbar7art.DLL by Simply Tech has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘Certified Toolbar 7art’.
Publisher:
Simplytech Ltd.  (signed by Simply Tech Ltd)

Product:
Simplytech Toolbar

Version:
1.0.0.5

MD5:
498dbf6c261837bd5ffb8c64490d924e

SHA-1:
6e3d19d5a804b6fc8b392547f1060870c6f636d6

SHA-256:
22573f585ddf6fcdbf812a159313ddfbd9d025a41f432f7a50770d50402f40a3

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/18/2024 3:51:10 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Widdit (M)
17.3.15.17

File size:
994.6 KB (1,018,440 bytes)

Product version:
1.0.0.5

Copyright:
2012 Simplytech. All rights reserved.

Original file name:
CertifiedToolbar7art.DLL

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\certifiedtoolbar7art\certifiedtoolbar7art.dll

Digital Signature
Signed by:
Simply Tech Ltd

Authority:
COMODO CA Limited

Valid from:
4/4/2012 2:00:00 AM

Valid to:
4/5/2014 1:59:59 AM

Subject:
CN=Simply Tech Ltd, O=Simply Tech Ltd, STREET=10 Zarhin street, L=Raanana, S=Raanana, PostalCode=43662, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1FC78D842B3886BB8D32517578F7489C

File PE Metadata
Compilation timestamp:
8/12/2012 11:57:21 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x93713

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 40, C4, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 56, 33, F6, 39, 75, 08, 75, 24, E8, 81, 3A, 00, 00, 89, 30, E8, 67, 3A, 00, 00, 56, 56, 56, 56, 56, C7, 00, 16, 00, 00, 00, E8, 34, E7, FF, FF, 83, C4, 14, 6A, 16, 58, EB, 55, F7, 45, 0C, F9, FF, FF, FF, 75, D3, FF, 75, 08, FF, 15, 18, 72, 0B, 10, 83, F8, FF, 75, 16, FF, 15, 14, 72, 0B, 10, 50, E8, 52, 3A, 00, 00, 59, E8, 26, 3A, 00, 00, 8B, 00, EB...
 
[+]

Entropy:
6.6324

Code size:
724 KB (741,376 bytes)

Internet Explorer BHO
CLSID:
{d848bb4b-0292-4c8b-8154-f259518f0061}

CLSID name:
Certified Toolbar 7art


Remove CertifiedToolbar7art.DLL - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.