searchustoolbar.exe

TNT2

Search.us.com

This file is a Tightrope WebInstall installer, which bundles applications with offers for additional third-party software (mostly unwanted adware) and may be installed with minimal consent. The application searchustoolbar.exe, published by Search.us.com, has been detected as adware by 10 anti-malware scanners. It is a setup program built on the Tightrope WebInstall installer and is typically executed from the user's temporary directory.
Publisher:
Search.us.com  (signed and verified)

Product:
TNT2

Description:
Setup program

Version:
2.0.0.1812

MD5:
98a9bdebf60079cc7497c3901d8d39f2

SHA-1:
6893c6a74149ae1f306b2705f7cde8e50a1ac4a0

SHA-256:
62b2acb33e4ce12804d517a7de360c82b690e3c7afdc51ee2abbf8ff091b2a57

Scanner detections:
10 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/19/2024 5:28:37 AM UTC

Scan engine             Detection                            Engine version
Avira AntiVirus         TR/Dropper.Gen                       7.11.30.172
AVG                     FindWide                             2016.0.2881
Dr.Web                  Adware.Toolbar.334                   9.0.1.0362
ESET NOD32              Win32/Toolbar.TNT2                   9.10766
IKARUS anti.virus       PUA.Toolbar.TNT2                     t3scan.1.8.3.0
K7 AntiVirus            Trojan                               13.185.14098
McAfee                  Artemis!82EAF63D144F                 5600.6537
Reason Heuristics       PUP.Tightrope.Searchus.Bundler (M)   15.12.28.15
Trend Micro House Call  Suspicious_GEN.F47V1001              7.2.362
VIPRE Antivirus         Trojan.Win32.Generic                 34764

File size:
1.2 MB (1,309,968 bytes)

Product version:
2.0.0.1812

Copyright:
© Search.Us.com All Rights Reserved

Original file name:
ToolbarInst.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Tightrope WebInstall

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\117\searchustoolbar.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/19/2013 5:00:00 PM

Valid to:
3/19/2016 4:59:59 PM

Subject:
CN=Search.us.com, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Search.us.com, L=SAN FRANCISCO, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
53391509B5D4A87249DD2CCE767F64A2

File PE Metadata
Compilation timestamp:
5/27/2014 12:29:31 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:R/zhfT7jsAJ9MCTERt0HRG9/u7hLatdkRy+mBlIYQwQWaGBLFUTZ:FzRLsAJVTE4HsuLaLkA+4sw2xZ

Entry address:
0x44C7

Entry point:
E8, 78, 73, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 98, CD, 41, 00, E8, F3, 12, 00, 00, E8, 16, 21, 00, 00, 0F, B7, F0, 6A, 02, E8, 0B, 73, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, CB, 5B, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
7.9253  (probably packed)

Code size:
89 KB (91,136 bytes)

Remove searchustoolbar.exe - Powered by Reason Core Security