extension32.dll

Bit Cocktail Ltd.

The module extension32.dll by Bit Cocktail has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘IB Updater Helper’. This file is typically installed with the program IB Updater 2.0.0.530 by Perion Network Ltd., which is a potentially unwanted software program.
Publisher:
Bit Cocktail Ltd.  (signed and verified)

Version:
2.0.0.564

MD5:
9cebb97e0baa62f0d1ecdea3784d52a9

SHA-1:
8521bfaf592406d0e9e799d83f0ebc6f2ddb1f13

SHA-256:
3a9083fbeef546ab51674b236f4f4907780824148f778a3f12eb4621573baa0a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/23/2024 6:14:48 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.BitCocktail (M)

Engine version:
16.1.12.17

File size:
166.8 KB (170,840 bytes)

Product version:
2.0.0.564

Original file name:
Extension.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\ib updater\extension32.dll

Digital Signature
Authority:
Thawte, Inc.

Valid from:
11/11/2012 6:00:00 PM

Valid to:
1/16/2014 5:59:59 PM

Subject:
CN=Bit Cocktail Ltd., O=Bit Cocktail Ltd., L=Herzeliya, S=Herzeliya, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2FF74ED2AFEBAFD72E0750E98DC63C1C

File PE Metadata
Compilation timestamp:
12/26/2012 3:03:37 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:Grx/QYZEnFV2w3lAHy72UKGx2bD6fh75LJ2qDl:Cx/vgz2QlAHy72UKGx2Ohpp

Entry address:
0x110BF

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, F1, 7A, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, 68, 50, F8, 00, 10, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, F4, 57, 02, 10, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, CC, CC...
 

Entropy:
6.4236

Code size:
114.5 KB (117,248 bytes)

Internet Explorer BHO
Display name:
IB Updater Helper

CLSID:
{336D0C35-8A85-403a-B9D2-65C292C39087}

CLSID name:
IB Updater


The file extension32.dll has been discovered within the following program.

IB Updater 2.0.0.530  by Perion Network Ltd.
The IB (IncrediBar) Updater Service is designed to keep the Perion IncrediBar web browser toolbar (and other related products) up to date. The IB Updater Service runs in the background and periodically connects to the IncrediBar servers.
www.incredibar.com
80% remove it
 
Powered by Should I Remove It?
