extension32.dll

Bit Cocktail Ltd.

The module extension32.dll by Bit Cocktail has been detected as a potentially unwanted program by 3 anti-malware scanners. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘IB Updater Helper’. This file is typically installed with the program IB Updater 2.0.0.530 by Perion Network Ltd., which is a potentially unwanted software program.
Publisher:
Bit Cocktail Ltd.  (signed and verified)

Version:
2.0.0.530

MD5:
62a90fff1b19d537f3fe526afad9dc7a

SHA-1:
463deb7f835f1a0d1e6312e04734aa781feb9334

SHA-256:
4a5bb7382ba16e54a5d4c08d99847077c3e77b2a5e6e064292c7d634496755d5

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 10:44:58 AM UTC  (today)

Scan engine | Detection | Engine version
Baidu Antivirus | Trojan.Win32.Agent | 4.0.3.15723
ESET NOD32 | Win32/Toolbar.Perion (variant) | 9.8879
Reason Heuristics | PUP.BitCocktail (M) | 15.7.23.5

File size:
166.8 KB (170,840 bytes)

Product version:
2.0.0.530

Original file name:
Extension.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\ib updater\extension32.dll

Digital Signature
Authority:
Thawte, Inc.

Valid from:
1/17/2012 2:00:00 AM

Valid to:
1/17/2013 1:59:59 AM

Subject:
CN=Bit Cocktail Ltd., O=Bit Cocktail Ltd., L=Herzeliya, S=Herzeliya, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
613E461899A05578474D1423CF9CC340

File PE Metadata
Compilation timestamp:
10/3/2012 3:23:54 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:OLx/QYZEn2O2d3lbHy72XqG8aQKkih75wJ2qfK:6x/vgt2hlbHy72XqG8sJhIC

Entry address:
0x110BF

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, F1, 7A, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, 68, 50, F8, 00, 10, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, F4, 57, 02, 10, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, CC, CC...
 

Entropy:
6.4232

Code size:
114.5 KB (117,248 bytes)

Internet Explorer BHO
Display name:
IB Updater Helper

CLSID:
{336D0C35-8A85-403a-B9D2-65C292C39087}

CLSID name:
IB Updater


The file extension32.dll has been discovered within the following program.

IB Updater 2.0.0.530  by Perion Network Ltd.
The IB (IncrediBar) Updater Service is designed to keep the Perion IncrediBar web browser toolbar (and other related products) up to date. The IB Updater Service runs in the background and periodically connects to the IncrediBar servers.
www.incredibar.com
80% remove it
 
Powered by Should I Remove It?
