escortlbr.dll

Volonet Ltd

The module escortlbr.dll by Volonet has been detected as adware by 8 anti-malware scanners. It is installed as a toolbar in Internet Explorer as ‘Funmoods Toolbar’. Additionally, the file is typically installed by a number of programs including Funmoods by Volonet Ltd and Gossiper Toolbar by Conduit Ltd., both potentially unwanted software.
Publisher:
Funmoods  (signed by Volonet Ltd)

Product:
Funmoods

Version:
1.5.23.0

MD5:
5757860dc188218396fe9e5d1d7d0f58

SHA-1:
879fcb98518eecb5a1c01402aa00e52ec5fd9c6f

SHA-256:
bac85636258261878970e711f8f7dbfd3ad01997bab124a14cf7dcb376152aae

Scanner detections:
8 / 68

Status:
Adware

Analysis date:
4/24/2024 3:19:05 AM UTC  (today)

Scan engine        Detection                    Engine version
Boost by Reason    Optional.Toolbar.Volonet.J   188838
Dr.Web             Adware.Funmoods.1            9.0.1.0355
ESET NOD32         Win32/Toolbar.Funmoods       7.9244
K7 AntiVirus       Unwanted-Program             13.174.10588
Malwarebytes       PUP.FunMoods                 v2013.12.21.11
McAfee             Artemis!E57BA941C5D1         5600.6992
Reason Heuristics  PUP.Toolbar.Volonet.J        14.8.7.21
Sophos             Funmoods Toolbar             4.96

File size:
246 KB (251,856 bytes)

Product version:
1.5.23.0

Copyright:
(c) Funmoods.com. All rights reserved.

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\funmoods\1.5.23.22\escortlbr.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
1/10/2012 6:00:00 PM

Valid to:
11/25/2013 5:59:59 PM

Subject:
CN=Volonet Ltd, O=Volonet Ltd, STREET=hazfira 19, L=Tel Aviv, S=Israel, PostalCode=67778, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D9EB879A7F4ADB713BB56F5D9EA449DA

Registration
CLSID:
{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}

ProgID:
funmoods.dskBnd.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
4/22/2012 9:04:31 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:GenjUceMqnqzBWrjTpKyM1tJKsiCnI560EoLhuJxQRSN:Gej4jbMy+JKsiCni6XzJqRs

Entry address:
0x184AB

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 03, 4F, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 83, EC, 10, 57, FF, 75, 10, 8D, 4D, F0, E8, 68, F5, FF, FF, 8B, 7D, 08, 85, FF, 75, 27, E8, BB, 0D, 00, 00, C7, 00, 16, 00, 00, 00, E8, 36, 23, 00, 00, 80, 7D, FC, 00, 74, 07, 8B, 45, F8, 83, 60, 70, FD, B8, FF, FF, FF, 7F, E9, A5, 00, 00, 00, 56, 8B, 75, 0C, 85, F6, 75, 24, E8, 8C, 0D, 00, 00, C7, 00, 16, 00, 00, 00, E8, 07, 23, 00, 00, 80, 7D, FC...

Entropy:
6.2972

Code size:
155.5 KB (159,232 bytes)

Internet Explorer Toolbar
Display name:
Funmoods Toolbar

CLSID:
{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}


The file escortlbr.dll has been discovered within the following programs.

Funmoods  by Volonet Ltd
From the license: "In order to provide you with the services, Funmoods may install browser add-ons, plugins or widgets to any and all of your browsers."
www.funmoods.com
87% remove it
Funmoods Web Search  by Mindspark Interactive Network
Installs a Mindspark toolbar in your Web browser that collects and stores information about your web browsing habits and sends this information to Mindspark so they can suggest services or provide ads via the toolbar.
start.funmoods.com
72% remove it
Gossiper Toolbar  by Conduit Ltd.
Gossiper Toolbar is a Conduit Community toolbar for various web browsers. The toolbar collects information about a user's web browsing habits and sends this information to Conduit so they can suggest services or provide advertising.
Gossiper.OurToolbar.com
65% remove it
 
Powered by Should I Remove It?