searchresultstb64.dll

DTX Toolbar

IAC Search and Media

This is a component of the Ask.com toolbar, a browser extension that modifies the default web browser's search provider, home page and various other settings. The module searchresultstb64.dll, “DTX kernel Module” by IAC Search and Media, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. Additionally, the file is typically installed by a number of programs, including Movies Toolbar for Internet Explorer (Dist. by Bandoo Media, Inc.) by IAC Search and Media and Movies Toolbar for Internet Explorer (Dist. by Torch Media, Inc.) by IAC Search and Media, both potentially unwanted software.
Publisher:
IAC Search and Media  (signed and verified)

Product:
DTX Toolbar

Description:
DTX kernel Module

Version:
5, 0, 8, 266

MD5:
da234fa9f73a19a8cae52cfeaa2031ad

SHA-1:
6278c070ecfbb8097031b0ed098e9d607e1e0ed2

SHA-256:
840a4c237e71458ec2f5896f206b6e8917c447319f64a9864eb151ea3a9e5b7c

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/16/2024 4:35:06 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Toolbar.IACSearchandMedia.R

Engine version:
14.8.8.0

File size:
805 KB (824,272 bytes)

Product version:
5, 0, 8, 266

Copyright:
Copyright 2013 IAC Search and Media

Original file name:
dtBand.dll

File type:
Dynamic link library (Win64 DLL)

Common path:
C:\Program Files\movies toolbar\datamngr\srtool~1\ie\searchresultstb64.dll

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
9/11/2012 8:00:00 AM

Valid to:
10/21/2015 7:59:59 AM

Subject:
CN=IAC Search and Media, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=IAC Search and Media, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3444D7AA32B4D542D3C80027404D5CD6

File PE Metadata
Compilation timestamp:
11/16/2013 5:11:56 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:Cv+b7DOv5enAwgb0WGeuX2q+5ph9xvDUQFdph0VUhca1ApKr7PtCd5:g+PDOv6gVGJ2/phjvDU8dpheUh31F/0f

Entry address:
0x68E48

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 87, BC, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, AB, FE, FF, FF, CC, CC, CC, 40, 53, 48, 83, EC, 30, 48, 8B, D9, B9, 0E, 00, 00, 00, E8, 75, 8C, 00, 00, 90, 48, 8B, 43, 08, 48, 85, C0, 74, 44, 48, 8B, 0D, 64, 4A, 05, 00, 48, 89, 4C, 24, 20, 48, 8D, 15, 50, 4A, 05, 00, 48, 85, C9, 74, 1E, 48, 39, 01, 75, 0F, 48, 8B, 41, 08, 48, 89...
 
Entropy:
6.1713

Code size:
550.5 KB (563,712 bytes)

The file searchresultstb64.dll has been discovered within the following programs.

Extended Update  by Hoolapp
Extended Update is a potentially unwanted application that is triggered to run daily by bypassing Windows User Account Control (UAC).
79% remove it
Movies Toolbar (by Bandoo Media, Inc.) is an Ask.com Partner Network Toolbar, an ad-supported (users may see additional banner and in-text link advertisements) web browser plugin distributed through various monetization platforms during installation.
84% remove it
Movies Toolbar for Internet Explorer is an Ask.com Partner Network Toolbar, an ad-supported (users may see additional banner and in-text link advertisements) web browser plugin distributed through various monetization platforms during installation.
69% remove it
This is a potentially unwanted web browser extension that is designed to deliver search modification as well as contextual advertising. The program does this by modifying the user's home and search page in order to monetize a user's search activities.
apn.ask.com
87% remove it
From the EULA: "The Toolbar interacts with your computer by: Displaying advertisements, including without limitation by inserting into web pages or displaying over parts of such web pages advertisements, banners or coupons that would not otherwise appear; Converting words on pages you view into hyperlinks that are linked to advertisements; Communicating with our servers to check for new offers, the placement of offers, the date and time you install and uninstall the Toolbar, and whether an updated version of the Toolbar is available; Monitoring and recording the domain name of each page you view, the advertisements that appear on these pages, and the advertisements that you click.
80% remove it
 
Powered by Should I Remove It?
