IEToolbar.dll

Search.Us.com Toolbar

Search.us.com

This is a component of the Tightrope WebInstall, a setup program that bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The module IEToolbar.dll by Search.us.com has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Search.us.com  (signed and verified)

Product:
Search.Us.com Toolbar

Version:
2.0.0.1534

MD5:
e88a14c1f5e562876a5151b4add0456a

SHA-1:
80e7e7a361423f26930f78f499698a7bea1270b6

SHA-256:
c5d371d0c3e9af8390a4fb717e8f22051f9e4a1d066ec323cdb6a409dd24f0f6

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/26/2024 11:50:42 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Tightrope (M)

Engine version:
16.10.11.12

File size:
134.8 KB (138,000 bytes)

Product version:
2.0.0.1534

Copyright:
© Search.Us.com All Rights Reserved

Original file name:
IEToolbar.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\tnt2\2.0.0.1534\ietoolbar.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/20/2013 12:00:00 AM

Valid to:
3/19/2016 11:59:59 PM

Subject:
CN=Search.us.com, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Search.us.com, L=SAN FRANCISCO, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
53391509B5D4A87249DD2CCE767F64A2

File PE Metadata
Compilation timestamp:
3/27/2013 10:24:51 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:riQfusScgiubUlNJdPsScgilGgveBYXn/JKXo4:rDfVLjXI/uo4

Entry address:
0x9DD7

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 24, 61, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, D8, B7, 01, 10, E8, EA, 30, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 4C, E7, 01, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 00, 71, 01, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...

Entropy:
6.1650

Developed / compiled with:
Microsoft Visual C++

Code size:
75 KB (76,800 bytes)
