home

freeze_us.dll

IE Toolbar

W3i, LLC

Part of an InstallX (InstallIQ) installation, a PUP that may bundle additional adware on the computer. The module freeze_us.dll, “IE Toolbar Engine” by W3i has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
W3i, LLC  (signed and verified)

Product:
IE Toolbar

Description:
IE Toolbar Engine

Version:
4, 0, 5, 1

MD5:
c4c93c45d7fc6bb2cd7e815bcdbdc229

SHA-1:
3ff4a42bcc9eb3e9adf835b52a76f0dc08ad50f2

SHA-256:
30b4ee170257bf4117a27861a3afbae3b10b17d2553ecae98449b1a55cdc4150

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
5/7/2024 3:59:24 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Toolbar.W3i.J
14.10.31.22

File size:
1.8 MB (1,916,024 bytes)

Product version:
4, 0, 5, 1

Copyright:
Copyright © 2001-2007. All rights reserved.

Original file name:
tbcore3.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\my.freeze.com toolbar with netassistant\freeze_us.dll

Digital Signature
Signed by:
W3i, LLC

Authority:
VeriSign, Inc.

Valid from:
7/2/2007 8:00:00 PM

Valid to:
7/2/2009 7:59:59 PM

Subject:
CN="W3i, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="W3i, LLC", L=Sartell, S=Minnesota, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
391B1DE3FDF7D68124136D1483C16B21

File PE Metadata
Compilation timestamp:
11/3/2008 6:21:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
49152:P0RV3YuLY5qWqingFmKMrqojTo4jixS3y0U:6V35uqWHngFmKMrGz

Entry address:
0x722D7

Entry point:
83, 7C, 24, 08, 01, 75, 05, E8, F5, 06, 01, 00, FF, 74, 24, 04, 8B, 4C, 24, 10, 8B, 54, 24, 0C, E8, ED, FE, FF, FF, 59, C2, 0C, 00, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, C8, 51, 12, 10, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 85, C0, 5F, 89, 45, FC, 5E, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 9C, C2, 11, 10, C9, C2, 08, 00, C3, B8, 50, 35, 08, 10, A3, 10, 11, 18, 10, C7, 05, 14, 11, 18, 10, F5, 2B, 08, 10...
 
[+]

Entropy:
6.0785

Code size:
1.1 MB (1,159,168 bytes)

Remove freeze_us.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.