escortshld.dll

The library escortshld.dll has been detected as malware by 46 anti-virus scanners. This file is typically installed with the program Babylon toolbar by Babylon Ltd, which is a potentially unwanted software program. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Remove escortshld.dll - Powered by Reason Core Security
MD5: 716737d020d6652b748e3ec32d6d421f
SHA-1: a1dc15dde4b81e0a7317fe97bf9c6267322a1b84
SHA-256: 83f2b48f71d678c9a6e3b56278b122b6088225be81d8003ae60329ea8346f271
Scanner detections: 46 / 68
Status: File is infected by a Virus
Explanation: The file is infected by a polymorphic file infector virus.
Analysis date: 12/10/2016 12:12:19 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Win32.Ramnit.N
877

Agnitum Outpost
Win32.Nimnul.Gen.2
7.1.1

AhnLab V3 Security
Win32/Ramnit.G
2014.08.29

Avira AntiVirus
W32/Ramnit.C
7.11.30.172

Antiy Labs AVL
Virus/Win32.Nimnul.a
1.0.0.1

avast!
Win32:RmnDrp
2014.9-140911

AVG
Win32/Zbot.F
2015.0.3355

Baidu Antivirus
Virus.Win32.Nimnul.$a
4.0.3.14911

Bitdefender
Win32.Ramnit.N
1.0.20.1270

Bkav FE
W32.InjectAdwaredDwnA1.PE
1.3.0.4959

Clam AntiVirus
W32.Ramnit-1
0.98/19312

CMC Antivirus
Virus.Win32.Ramit.1!O
1.1.0.977

Comodo Security
Virus.Win32.Ramnit.K
19347

Dr.Web
Adware.Toolbar.175
9.0.1.0161

Emsisoft Anti-Malware
Win32.Ramnit.N
8.14.09.11.11

ESET NOD32
Win32/Ramnit.H virus
8.7.0.302.0

Fortinet FortiGate
W32/Ramnit.C
9/11/2014

F-Prot
W32/Ramnit.E
v6.4.6.5.141

F-Secure
Win32.Ramnit.N
11.2014-11-09_5

G Data
Win32.Ramnit
14.9.24

IKARUS anti.virus
Virus.Win32.Ramnit
t3scan.1.7.5.0

Jiangmin
KV140610

K7 AntiVirus
Virus
13.183.13198

K7 Gateway Antivirus
Virus
13.183.13198

Kaspersky
Virus.Win32.Nimnul
14.0.0.3268

Kingsoft AntiVirus
Win32.Ramnit.lx.30720
331020.49267

McAfee
W32/Ramnit.a
5600.7011

McAfee Web Gateway
W32/Ramnit.a
7.7011

Microsoft Security Essentials
Threat.Undefined
1.183.771.0

MicroWorld eScan
Win32.Ramnit.N
15.0.0.762

NANO AntiVirus
Virus.Win32.Nimnul.bqjjnb
0.28.2.61861

Norman
Ramnit.AS
11.20140911

nProtect
Win32.Ramnit.N
14.08.28.01

Panda Antivirus
W32/Cosmu.E
14.09.11.11

Qihoo 360 Security
Virus.Win32.Ramnit.A
1.0.0.1015

Quick Heal
W32.Ramnit.A
9.14.14.00

Reason Heuristics
Threat.Win.Reputation.IMP
14.9.11.11

Rising Antivirus
PE:Win32.Mgr.b!1594784
23.00.65.14909

Sophos
W32/Ramnit-A
4.98

Total Defense
Win32/Ramnit.C
37.0.11149

Trend Micro House Call
PE_RAMNIT.DEN
7.2.254

Trend Micro
PE_RAMNIT.DEN
10.465.11

Vba32 AntiVirus
Virus.Win32.Nimnul.b
3.12.26.3

VIPRE Antivirus
Threat.4732184
32210

ViRobot
Win32.Nimnul.A
2011.4.7.4223

Zillya! Antivirus
Virus.Nimnul.Win32.2
2.0.0.1905

File size: 57.5 KB (58,880 bytes)
File type: Dynamic link library (Win32 DLL)
Common path: C:\Program Files\babylontoolbar\babylontoolbar\1.8.11.10\escortshld.dll

File PE Metadata

Compilation timestamp: 1/24/2013 12:48:09 AM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 10.0
CTPH (ssdeep): 768:v9lp50hrTH+Z+OLdWtbUDUztY2uJQvISh6+7k50qnTEDN51ZQLztoF0R:v9g3+sUUzLK+56IkxW58toF0R
Entry address: 0x1AF4
Entry point: 8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 45, 28, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 48, DF, 00, 10, 89, 0D, 44, DF, 00, 10, 89, 15, 40, DF, 00, 10, 89, 1D, 3C, DF, 00, 10, 89, 35, 38, DF, 00, 10, 89, 3D, 34, DF, 00, 10, 66, 8C, 15, 60, DF, 00, 10, 66, 8C, 0D, 54, DF, 00, 10, 66, 8C, 1D, 30, DF, 00, 10, 66, 8C, 05, 2C, DF, 00, 10, 66, 8C, 25, 28, DF, 00, 10, 66, 8C, 2D, 24, DF, 00, 10, 9C, 8F, 05, 58, DF...
Entropy: 5.5833
Code size: 30 KB (30,720 bytes)

The file escortshld.dll has been discovered within the following programs.

Babylon toolbar  by Babylon Ltd
Babylon Toolbar from Babylon Ltd is a web browser plugin that allows you to get language translations and definitions through an installed web browser toolbar. Typically, the Babylon Toolbar comes bundled with other software, usually freeware and shareware.
www.babylon.com
67% remove it
 
Powered by Should I Remove It?
