extension64.dll

Bit Cocktail Ltd.

The module extension64.dll by Bit Cocktail has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program IB Updater 2.0.0.530 by Perion Network Ltd., which is a potentially unwanted software program.
Publisher:
Bit Cocktail Ltd.  (signed and verified)

Version:
2.0.0.564

MD5:
7ec59d1357e5716f23df505195b6ad6f

SHA-1:
cdecf70ea2f824dc47e237d2ecc98ea8188bbca5

SHA-256:
eb63b827719da6409c34c5ee9ddb01eae6e4c6e64e03105f6eecb353f3068c24

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/19/2024 9:33:57 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.BitCocktail (M)

Engine version:
16.1.12.18

File size:
210.8 KB (215,896 bytes)

Product version:
2.0.0.564

Original file name:
Extension.dll

File type:
Dynamic link library (Win64 DLL)

Language:
English (United States)

Common path:
C:\Program Files\ib updater\extension64.dll

Digital Signature
Authority:
Thawte, Inc.

Valid from:
11/11/2012 6:00:00 PM

Valid to:
1/16/2014 5:59:59 PM

Subject:
CN=Bit Cocktail Ltd., O=Bit Cocktail Ltd., L=Herzeliya, S=Herzeliya, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2FF74ED2AFEBAFD72E0750E98DC63C1C

Registration
CLSID:
{336D0C35-8A85-403a-B9D2-65C292C39087}

ProgID:
Extension.ExtensionHelperObject.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
12/26/2012 3:03:44 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:OR44aFTayzg9ySdJFc611C75+LnyQzS5C3MqHxGW2s3EwlnhN5gVw7GmT:RdFTNExFj11Mmny+S5zMP2s3ESnhln

Entry address:
0x15590

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 97, 76, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, AB, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 8B, C1, 48, F7, D9, 48, A9, 07, 00, 00, 00, 74, 0F, 66, 90, 8A, 10, 48, FF, C0, 84, D2, 74, 5F, A8, 07, 75, F3, 49, B8, FF, FE, FE, FE, FE, FE, FE, 7E, 49, BB, 00, 01, 01, 01, 01, 01, 01...
 

Entropy:
6.1142

Code size:
139.5 KB (142,848 bytes)

The file extension64.dll has been discovered within the following program.

IB Updater 2.0.0.530  by Perion Network Ltd.
The IB (IncrediBar) Updater Service is designed to keep the Perion IncrediBar web browser toolbar (and other related products) up to date. The IB Updater Service runs in the background and periodically connects to the IncrediBar servers.
www.incredibar.com
80% remove it
 