escorteng.dll

Volonet Ltd

The module escorteng.dll by Volonet has been detected as adware by 8 anti-malware scanners. Additionally, the file is typically installed by a number of programs including Funmoods by Volonet Ltd and Gossiper Toolbar by Conduit Ltd., both potentially unwanted software.
Publisher:
Funmoods  (signed by Volonet Ltd)

Product:
Funmoods

Version:
1.5.23.0

MD5:
5c8cbd98a90e5b8007be9e63720d38a5

SHA-1:
f9e5e0ed68c9f4b781eaa1de18f6469470ec0be3

SHA-256:
78db11a88a4f49304980d8fe2f6b13fda74e1a67515bf0915df3435b9497e71a

Scanner detections:
8 / 68

Status:
Adware

Analysis date:
4/19/2024 7:24:48 PM UTC

Scan engine | Detection | Engine version
--- | --- | ---
Avira AntiVirus | TR/Trash.Gen | 7.11.30.172
Boost by Reason | Adware.Volonet.J | 2013.11.4.0
Dr.Web | Adware.Funmoods.1 | 9.0.1.0308
ESET NOD32 | Win32/Toolbar.Funmoods | 7.9190
Malwarebytes | PUP.FunMoods | v2013.11.04.12
Reason Heuristics | PUP.Volonet.J | 14.8.7.21
Sophos | Funmoods Toolbar | 4.96
SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10301

File size:
539 KB (551,888 bytes)

Product version:
1.5.23.0

Copyright:
(c) Funmoods.com. All rights reserved.

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\funmoods\1.5.23.22\escorteng.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
1/11/2012 8:00:00 AM

Valid to:
11/26/2013 7:59:59 AM

Subject:
CN=Volonet Ltd, O=Volonet Ltd, STREET=hazfira 19, L=Tel Aviv, S=Israel, PostalCode=67778, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D9EB879A7F4ADB713BB56F5D9EA449DA

Registration
CLSID:
{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}

COM registered:
Yes

File PE Metadata
Compilation timestamp:
4/22/2012 10:03:54 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:8uWI4Gpsk+WeFqrU4azRRZazP9NOzGJAh+ZKJV+rFaVU20tNYV7Zk1f4SCaL:8Wp+1+AJV+rFazv7ZkZ9L

Entry address:
0x41D5A

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 41, 9C, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, E8, AA, 58, 00, 00, FF, 75, 10, 83, C0, 20, 50, FF, 75, 0C, FF, 75, 08, E8, AD, 9C, 00, 00, 83, C4, 10, 5D, C3, 8B, FF, 55, 8B, EC, 6A, 00, FF, 75, 0C, FF, 75, 08, E8, CD, FF, FF, FF, 83, C4, 0C, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 10, 83, 65, FC, 00, 56, 8B, 75, 08, 85, F6, 75, 16, E8, 76, 3B, 00, 00, 6A, 16, 5E, 89, 30, E8, 1A, 3B, 00, 00, 8B, C6...
 

Entropy:
6.4261

Code size:
365 KB (373,760 bytes)

The file escorteng.dll has been discovered within the following programs.

Funmoods  by Volonet Ltd
From the license: "In order to provide you with the services, Funmoods may install browser add-ons, plugins or widgets to any and all of your browsers."
www.funmoods.com
87% remove it
Funmoods Web Search  by Mindspark Interactive Network
Installs a Mindspark toolbar in your Web browser that collects and stores information about your web browsing habits and sends this information to Mindspark so they can suggest services or provide ads via the toolbar.
start.funmoods.com
72% remove it
Gossiper Toolbar  by Conduit Ltd.
Gossiper Toolbar is a Conduit Community toolbar for various web browsers. The toolbar collects information about a user's web browsing habits and sends this information to Conduit so they can suggest services or provide advertising.
Gossiper.OurToolbar.com
65% remove it
 
Powered by Should I Remove It?
