» mytb_svc.exe
Overview
Analysis
File Details
Behaviors (1)

mytb_svc.exe

Nbiz Solution

The executable mytb_svc.exe has been detected as malware by 1 anti-virus scanner. It runs as a windows Service named “MYToolbar”.

File name:

mytb_svc.exe

Publisher:

Nbiz Solution (signed and verified)

MD5:

c4f1eb78aaef73093e938b6111daf5ae

SHA-1:

5ce8ba3732a2363fff052df7cd2bd312d72f22b7

Scanner detections:

1 / 68

Status:

Malware

Analysis date:

4/20/2024 12:31:21 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Threat.Win.Reputation.IMP

16.6.14.7

File size:

65.8 KB (67,352 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\mytoolbar\mytb_svc.exe

Digital Signature

Signed by:

Nbiz Solution

Authority:

eBiz Networks Ltd

Valid from:

2/18/2011 9:00:00 AM

Valid to:

2/18/2013 8:59:59 AM

Subject:

CN=Nbiz Solution, OU=web team, O=Nbiz Solution, STREET="Sangdo-dong, Dongjak-gu, Seoul, Korea", STREET=527, L=Seoul, S=Dongjak-gu, PostalCode=156-030, C=KR

Issuer:

CN=eBiz Networks Certificate Services, O=eBiz Networks Ltd, C=KR

Serial number:

00C8ED8652685B5CCF51C3A894A6D4DE53

File PE Metadata

Compilation timestamp:

7/11/2011 5:16:33 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

9.0

CTPH (ssdeep):

1536:D1fad3iLH0jccKpRTsNIPAmE58VmeeZ/eb:Zs3iL5af5o5

Entry address:

0x1DFE

Entry point:

E8, E9, 31, 00, 00, E9, A4, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 48, E1, 40, 00, 89, 0D, 44, E1, 40, 00, 89, 15, 40, E1, 40, 00, 89, 1D, 3C, E1, 40, 00, 89, 35, 38, E1, 40, 00, 89, 3D, 34, E1, 40, 00, 66, 8C, 15, 60, E1, 40, 00, 66, 8C, 0D, 54, E1, 40, 00, 66, 8C, 1D, 30, E1, 40, 00, 66, 8C, 05, 2C, E1, 40, 00, 66, 8C, 25, 28, E1, 40, 00, 66, 8C, 2D, 24, E1, 40, 00, 9C, 8F, 05, 58, E1, 40, 00, 8B, 45, 00, A3, 4C, E1, 40, 00, 8B, 45, 04, A3, 50, E1, 40, 00, 8D, 45, 08, A3, 5C, E1, 40... 
[+]

Entropy:

6.3262

Code size:

36 KB (36,864 bytes)

Service

Display name:

MYToolbar

Type:

Win32OwnProcess, InteractiveProcess

Remove mytb_svc.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.