produtools.exe

GOLDBAR VENTURES LTD

The application produtools.exe by GOLDBAR VENTURES LTD has been flagged as adware by 1 of 68 anti-malware scanners, with strong indications that the file is a potential threat. It is typically installed with the program ProduTools by GoldBar Ventures LTD, which is classified as a potentially unwanted program (PUP).
Publisher:
GOLDBAR VENTURES LTD  (signed and verified)

MD5:
b6fa5ebddc37adf40b286a7f85e7b6af

SHA-1:
81f5282155e231d848a580e548fb7d6932103467

SHA-256:
ce3c57a29d7abc51fc870f023b50c2d23fb7e45dd5f8c08eb21f708f550dda8d

Scanner detections:
1 / 68

Status:
Adware

Note:
None of the third-party anti-malware engines in our current pool detects this file; the single detection counted above comes from our own heuristics, which classify the file as unwanted.

Analysis date:
4/23/2024 10:01:04 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.GOLDBARVENTURES.K

Engine version:
14.9.28.21

File size:
278.4 KB (285,112 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\produtools\produtools.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/7/2013 8:00:00 PM

Valid to:
5/8/2014 7:59:59 PM

Subject:
CN=GOLDBAR VENTURES LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=GOLDBAR VENTURES LTD, L=Afula, S=Northern, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
74F63A1ACAFBEBBF1E2B6E345C7472B9

Note that the signing certificate expired on 5/8/2014, almost ten years before this analysis. An Authenticode signature remains valid after the certificate's expiry only if it carries a trusted timestamp countersignature, and this report does not show whether one is present, so "signed and verified" above should be re-checked on a live system (for example with the PowerShell cmdlet Get-AuthenticodeSignature or with signtool verify /pa /v) before being taken as evidence of current trust. The compilation timestamp (3/9/2014) does fall inside the certificate's validity window, which is consistent with the binary having been signed when the certificate was current.

File PE Metadata
Compilation timestamp:
3/9/2014 9:27:30 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:LLDOwa4YEeY0C3sZu3jS/AYIleIJAOPwZd3pQRVkJqDWD4kCq/kDWD4kCq/0DWDD:rOwKq0C3sZgjSIS7x3vUVzV7VYgA

Entry address:
0x3580

Entry point:
55, 8B, EC, E8, 48, 76, 00, 00, E8, 03, 00, 00, 00, 5D, C3, CC, 55, 8B, EC, 6A, FE, 68, 50, 76, 42, 00, 68, C0, 8C, 40, 00, 64, A1, 00, 00, 00, 00, 50, 83, C4, E0, 53, 56, 57, A1, D4, 96, 42, 00, 31, 45, F8, 33, C5, 50, 8D, 45, F0, 64, A3, 00, 00, 00, 00, 89, 65, E8, C7, 45, E0, 00, 00, 00, 00, E8, 81, 79, 00, 00, 66, 89, 45, E4, 6A, 02, E8, 26, 75, 00, 00, 83, C4, 04, E8, 3E, 01, 00, 00, 89, 45, D4, E8, 86, 69, 00, 00, 85, C0, 75, 0A, 6A, 1C, E8, BB, 01, 00, 00, 83, C4, 04, E8, 43, 64, 00, 00, 85, C0, 75...

Entropy:
5.9441

Developed / compiled with:
Microsoft Visual C++

Code size:
113 KB (115,712 bytes)
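As an added worked example (not code from this page, from Reason Core Security or from the software's publisher), the following Python script reproduces the checks a responder would run on a suspect copy of the file: it hashes the image and compares the digests with the three listed above, reads the compile timestamp, linker version, OS version, subsystem, code size and entry-point RVA straight from the COFF and optional headers, translates the RVA through the section table to dump the first bytes at the entry point, and computes byte entropy. Because the real sample is not available here, `build_sample_pe()` constructs a synthetic PE32 image whose header fields mirror the report (the compile time is taken as UTC, an assumption, since the page gives no time zone); its hashes therefore do not match, and that mismatch is the expected result for anything other than the original file.

```python
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone
from typing import Optional

# Indicators copied from the report; a file that reproduces these digests is the analysed sample.
REPORT_HASHES = {
    "md5": "b6fa5ebddc37adf40b286a7f85e7b6af",
    "sha1": "81f5282155e231d848a580e548fb7d6932103467",
    "sha256": "ce3c57a29d7abc51fc870f023b50c2d23fb7e45dd5f8c08eb21f708f550dda8d",
}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}

def file_hashes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of the file image as lower-case hex, like the report."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}

def matches_report(data: bytes) -> dict:
    """Per-algorithm match against REPORT_HASHES (all three should agree for a confident match)."""
    return {alg: digest == REPORT_HASHES[alg] for alg, digest in file_hashes(data).items()}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes. Packed or encrypted
    payloads sit near 7-8; plain compiler output (like the 5.94 reported above) sits well below."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def rva_to_offset(rva: int, sections: list) -> Optional[int]:
    """Map a relative virtual address to a file offset via (name, va, vsize, rawptr, rawsize) tuples."""
    for _name, va, vsize, rawptr, rawsize in sections:
        if va <= rva < va + max(vsize, rawsize):
            return rawptr + (rva - va)
    return None

def parse_pe(data: bytes, entry_bytes: int = 16) -> dict:
    """Read the fields listed under 'File PE Metadata' directly from the COFF/optional headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    machine, nsec, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24                                             # start of the optional header
    magic, maj_link, min_link, size_of_code = struct.unpack_from("<HBBI", data, opt)
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    maj_os, min_os = struct.unpack_from("<HH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)      # same offset in PE32 and PE32+
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, vsize, rawptr, rawsize))
    entry_off = rva_to_offset(entry_rva, sections)
    first = data[entry_off:entry_off + entry_bytes] if entry_off is not None else b""
    return {
        "bitness": {0x10B: "Win32", 0x20B: "Win64"}.get(magic, hex(magic)),
        "machine": hex(machine),
        "compile_time": datetime.fromtimestamp(tstamp, tz=timezone.utc).isoformat(),
        "linker_version": f"{maj_link}.{min_link}",
        "os_version": f"{maj_os}.{min_os}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_rva": hex(entry_rva),
        "entry_bytes": first.hex(" ").upper(),
        "size_of_code": size_of_code,
        "entropy": round(shannon_entropy(data), 4),
    }

def build_sample_pe() -> bytes:
    """Constructed stand-in, NOT the real produtools.exe: header values mirror the report
    (timestamp taken as UTC, an assumption) and the entry point holds the report's first
    16 opcode bytes; everything else is zero, so its hashes will not match REPORT_HASHES."""
    img = bytearray(0x200 + 0x3000)                   # 512-byte headers + one 12 KiB .text section
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)           # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    ts = int(datetime(2014, 3, 9, 9, 27, 30, tzinfo=timezone.utc).timestamp())
    struct.pack_into("<HHIIIHH", img, 0x84, 0x14C, 1, ts, 0, 0, 0xE0, 0x102)  # i386, one section
    opt = 0x98
    struct.pack_into("<HBBIIIIII", img, opt, 0x10B, 11, 0, 115712, 0, 0, 0x3580, 0x1000, 0x4000)
    struct.pack_into("<IIIHHHHHH", img, opt + 28, 0x400000, 0x1000, 0x200, 5, 1, 0, 0, 5, 1)
    struct.pack_into("<IIII", img, opt + 52, 0, 0x5000, 0x200, 0)
    struct.pack_into("<HH", img, opt + 68, 2, 0)      # Subsystem = Windows GUI
    struct.pack_into("<I", img, opt + 92, 16)         # NumberOfRvaAndSizes
    struct.pack_into("<8sIIIIIIHHI", img, opt + 0xE0, b".text", 0x3000, 0x1000, 0x3000, 0x200,
                     0, 0, 0, 0, 0x60000020)
    entry_off = 0x3580 - 0x1000 + 0x200               # RVA -> file offset through the .text section
    img[entry_off:entry_off + 16] = bytes.fromhex("55 8B EC E8 48 76 00 00 E8 03 00 00 00 5D C3 CC")
    return bytes(img)

if __name__ == "__main__":
    sample = build_sample_pe()
    for key, value in parse_pe(sample).items():
        print(f"{key:>15}: {value}")
    print("matches report:", matches_report(sample))  # all False for the constructed image
```

To run it against a real suspect file, replace `build_sample_pe()` with `open(path, "rb").read()`; a file whose three digests all match REPORT_HASHES is the sample described on this page, while a file that shares only the publisher name, path or even the entry-point bytes is a different build and should be assessed on its own.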

The file produtools.exe has been discovered within the following program.

ProduTools  by GoldBar Ventures LTD
This adware injects advertising in the user's Internet browser by running as an extension and/or add-on. Ads are delivered in the form of search-related ads, banner and video ads, and text-links (roll-overs) as well as some popup ads.
goldbarventures.com
80% remove it
 
Powered by Should I Remove It?
