» passport.dll
Overview
Analysis
File Details
Programs (2)

passport.dll

Freshy.com Toolbar

Freshy

This is a component of the Tightrope WebInstall, a setup program that bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The module passport.dll by Freshy has been detected as adware by 2 anti-malware scanners. Additionally, the file is typically installed by a number of programs including Search.us.com by Freshy and Search Toolbar by Freshy, both potentially unwanted software.

File name:

passport.dll

Publisher:

Freshy.com (signed by Freshy)

Product:

Freshy.com Toolbar

Version:

2.0.0.1024

MD5:

717b6895f7c1b0b4a9ec9ad9e6e1ea1a

SHA-1:

1382d05f360e0eef4676682709dd3b5a6fb8078c

SHA-256:

6beb252c854ff0b60fd34cb214c76397a777d96da931b857cc59b640c186f0e3

Scanner detections:

2 / 68

Status:

Adware

Analysis date:

4/25/2024 7:52:37 AM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

Win32/Toolbar.TNT2.E potentially unwanted application

7.0.302.0

Reason Heuristics

Threat.Tightrope.Toolbar

15.4.2.1

File size:

11.4 KB (11,696 bytes)

Product version:

2.0.0.1024

Original file name:

FreshyToolbar.dll

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\tnt2\2.0.0.1378\passport.dll

Digital Signature

Signed by:

Freshy

Authority:

VeriSign, Inc.

Valid from:

7/28/2011 7:00:00 PM

Valid to:

7/28/2013 6:59:59 PM

Subject:

CN=Freshy, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Freshy, L=San Francisco, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

3FE2E83B02F14E8E282304CFC46C3524

File PE Metadata

Compilation timestamp:

12/17/2012 11:50:09 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

192:zcmfxp1OQ+9AtMldXr9WIDe+P2r8zVD+vKWr9ZCspE+TMQrK6e:zpZnA2MnbxDPXx7PeMZ5

Entry address:

0x108E

Entry point:

55, 8B, EC, 8B, 45, 0C, 48, 75, 08, 8B, 45, 08, A3, 18, 30, 00, 10, 33, C0, 40, 5D, C2, 0C, 00, 55, 8B, EC, 83, EC, 1C, 8B, 4D, 0C, 8B, 45, 08, 53, 56, 57, 33, DB, 8D, 7D, E4, 89, 5D, F4, 89, 5D, FC, 89, 4D, F8, 2B, F9, 33, D2, 33, F6, 66, 83, 38, 30, 72, 1D, 0F, B7, 08, 66, 83, F9, 39, 77, 14, 6B, D2, 0A, 0F, B7, C9, 46, 8D, 54, 0A, D0, 0F, B7, 0C, 70, 83, F9, 30, 73, E6, 8B, 4D, F8, 89, 14, 0F, 85, F6, 74, 65, 8B, 09, 3B, CA, 7E, 08, 83, 7D, F4, 00, 74, 59, 3B, CA, 7D, 07, C7, 45, F4, 01, 00, 00, 00, 83... 
[+]

Entropy:

6.4258

Developed / compiled with:

Microsoft Visual C++

Code size:

1024 Bytes (1,024 bytes)

The file passport.dll has been discovered within the following programs.

Search Toolbar by Freshy

The Freshy Search Toolbar s an ad-supported browser plugin that displays ads such as coupons, banner, textlinks, etc. in the browser that are displayed on web pages that are not associated with the plugin or would not otherwise appear.

www.freshy.com

79% remove it

Search.us.com by Freshy

The Search.US Toolbar (My.Search.Us) is a Freshy powered toolbar for Intenet Explorer and Firefox.

search.us.com

85% remove it

Remove passport.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.