escortapp.dll

Volonet Ltd

The module escortapp.dll by Volonet has been detected as adware by 7 anti-malware scanners. Additionally, the file is typically installed by a number of programs including Funmoods by Volonet Ltd and Gossiper Toolbar by Conduit Ltd., both potentially unwanted software.
Publisher:
Funmoods  (signed by Volonet Ltd)

Product:
Funmoods

Version:
1.5.23.0

MD5:
e31194cd38b2da193d0130a1abced783

SHA-1:
242828f8dd0288145bb9eb8c38f2a9a2ef0ea135

SHA-256:
a7533c3d5f698af138d64f0d77f4680a56878bd421acaa810c8d685f61232b80

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
4/18/2024 11:41:53 AM UTC

Scan engine        Detection               Engine version
Boost by Reason    Adware.Volonet.J        2013.11.3.23
Dr.Web             Adware.Funmoods.1       9.0.1.0307
ESET NOD32         Win32/Toolbar.Funmoods  7.9190
K7 AntiVirus       Unwanted-Program        13.174.10588
Malwarebytes       PUP.FunMoods            v2013.11.03.11
Reason Heuristics  PUP.Volonet.J           14.8.7.21
Sophos             Funmoods Toolbar        4.96

File size:
330.5 KB (338,384 bytes)

Product version:
1.5.23.0

Copyright:
(c) Funmoods.com. All rights reserved.

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\funmoods\1.5.23.22\escortapp.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
1/11/2012 8:00:00 AM

Valid to:
11/26/2013 7:59:59 AM

Subject:
CN=Volonet Ltd, O=Volonet Ltd, STREET=hazfira 19, L=Tel Aviv, S=Israel, PostalCode=67778, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D9EB879A7F4ADB713BB56F5D9EA449DA

Registration
CLSID:
{A9DB719C-7156-415E-B49D-BAD039DE4F13}

ProgID:
funmoodsApp.appCore.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
4/25/2012 2:23:39 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:mx3103inYAYQw0eTC4yoDqOztqGCPKKMFj5VRXmrXD:mpS3inYAYQH0Eo+O5qGCPMFj5VRXwD

Entry address:
0x265D7

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, C7, 66, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, A0, DE, 04, 10, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, E3, 5C, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29...
 

Entropy:
6.3574

Code size:
227.5 KB (232,960 bytes)

The file escortapp.dll has been discovered within the following programs.

Funmoods by Volonet Ltd
From the license: "In order to provide you with the services, Funmoods may install browser add-ons, plugins or widgets to any and all of your browsers."
www.funmoods.com
87% remove it

Funmoods Web Search by Mindspark Interactive Network
Installs a Mindspark toolbar in your Web browser that collects and stores information about your web browsing habits and sends this information to Mindspark so they can suggest services or provide ads via the toolbar.
start.funmoods.com
72% remove it

Gossiper Toolbar by Conduit Ltd.
Gossiper Toolbar is a Conduit Community toolbar for various web browsers. The toolbar collects information about a user's web browsing habits and sends this information to Conduit so they can suggest services or provide advertising.
Gossiper.OurToolbar.com
65% remove it
 