extension64.dll

Bit Cocktail Ltd.

The module extension64.dll by Bit Cocktail has been detected as a potentially unwanted program by 5 anti-malware scanners. This file is typically installed with the program IB Updater 2.0.0.530 by Perion Network Ltd., which is a potentially unwanted software program.
Publisher:
Bit Cocktail Ltd.  (signed and verified)

Version:
2.0.0.530

MD5:
de32307309bd0148d8622c69916f287d

SHA-1:
ad1b40b40771bc6d25e1affb3e6e0e9ce9d65859

SHA-256:
866a9fd6092a00d15cf0fccc3cfe3e275bc4cfe65a87edc78ad4ede2c2cbda9d

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 12:49:05 PM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | Adware.Win32.Perion | 4.0.3.15729
Bkav FE | W64.HfsAdware | 1.3.0.6379
ESET NOD32 | Win64/Toolbar.Perion.A potentially unwanted (variant) | 9.11456
Reason Heuristics | PUP.BitCocktail (M) | 15.7.29.16
Trend Micro House Call | Suspicious_GEN.F47V0315 | 7.2.210

File size:
210.8 KB (215,896 bytes)

Product version:
2.0.0.530

Original file name:
Extension.dll

File type:
Dynamic link library (Win64 DLL)

Language:
English (United States)

Common path:
C:\Program Files\ib updater\extension64.dll

Digital Signature
Authority:
Thawte, Inc.

Valid from:
1/16/2012 7:00:00 PM

Valid to:
1/16/2013 6:59:59 PM

Subject:
CN=Bit Cocktail Ltd., O=Bit Cocktail Ltd., L=Herzeliya, S=Herzeliya, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
613E461899A05578474D1423CF9CC340

Registration
CLSID:
{336D0C35-8A85-403a-B9D2-65C292C39087}

ProgID:
Extension.ExtensionHelperObject.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
10/3/2012 8:24:00 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:d+44aFTayzg9ySNJFc61FC75+LnyQ0S5C3MqHu0JkHU4lYihN5fVw7Ny2:xdFTNEhFj1FMmnyhS5zgqHUqHhA9

Entry address:
0x15590

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 97, 76, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, AB, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 8B, C1, 48, F7, D9, 48, A9, 07, 00, 00, 00, 74, 0F, 66, 90, 8A, 10, 48, FF, C0, 84, D2, 74, 5F, A8, 07, 75, F3, 49, B8, FF, FE, FE, FE, FE, FE, FE, 7E, 49, BB, 00, 01, 01, 01, 01, 01, 01...
 

Entropy:
6.1101

Code size:
139.5 KB (142,848 bytes)

The file extension64.dll has been discovered within the following program.

IB Updater 2.0.0.530  by Perion Network Ltd.
The IB (IncrediBar) Updater Service is designed to keep the Perion IncrediBar web browser toolbar (and other related products) up to date. The IB Updater Service runs in the background and periodically connects to the IncrediBar servers.
www.incredibar.com
80% remove it
 
Powered by Should I Remove It?
