TbCommonUtils.dll

Internet Explorer Toolbar

ShopAtHome.com (Belcaro Group, Inc.)

The module TbCommonUtils.dll, “Internet Explorer Toolbar Common Utils” by ShopAtHome.com (Belcaro Group, Inc.), has been detected as adware by 8 anti-malware scanners.
Publisher:
ShopAtHome.com (Belcaro Group, Inc.)  (signed and verified)

Product:
Internet Explorer Toolbar

Description:
Internet Explorer Toolbar Common Utils

Version:
4.3.0.19

MD5:
e61ab9e7c66ad06172bc7f3ed51ba33d

SHA-1:
d7dc19b64d31fec7f027f2aed1ecd5ee4759a7b5

SHA-256:
a14d13df06d54fb23b1f4abace9c10a427f8b89007522d7b4f071535b80c3b3c

Scanner detections:
8 / 68

Status:
Adware

Explanation:
Part of the Conduit Toolbar platform.

Analysis date:
4/16/2024 11:23:32 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | Generic | 2016.0.2887 |
| Dr.Web | Adware.Shopper.957 | 9.0.1.0356 |
| Malwarebytes | PUP.Optional.ShopAtHome | v2015.12.22.01 |
| McAfee | Artemis!8AFE1BED3A60 | 5600.6543 |
| Reason Heuristics | PUP.Conduit.Toolbar.ShopAtHome.Toolbar (M) | 15.12.22.13 |
| Sophos | SAHAgent (PUA) | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0708 | 7.2.356 |
| VIPRE Antivirus | ShopAtHome | 38194 |

File size:
105.6 KB (108,176 bytes)

Product version:
4.3.0.19

Copyright:
Copyright © 2001-2012. All rights reserved.

Original file name:
TbCommonUtils.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\shopathome\shopathometoolbar\tbcommonutils.dll

Digital Signature
Authority:
Symantec Corporation

Valid from:
6/25/2013 8:00:00 PM

Valid to:
6/26/2014 7:59:59 PM

Subject:
CN="ShopAtHome.com (Belcaro Group, Inc.)", O="ShopAtHome.com (Belcaro Group, Inc.)", L=Greenwood Village, S=Colorado, C=US, SERIALNUMBER=19871692567, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Colorado, OID.1.3.6.1.4.1.311.60.2.1.3=US

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
237B0D903D7BC26FE5D98F5F4AAF5E42

File PE Metadata
Compilation timestamp:
3/10/2014 3:47:14 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:k8/cUDafEIkTxtawwOU/E2LikxvPtP7se5WkP0IttwvuglV8F:cfEImiE219PtP7se5eIrwvugT8F

Entry address:
0x90B9

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 1E, 36, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 78, 75, 01, 10, 89, 0D, 74, 75, 01, 10, 89, 15, 70, 75, 01, 10, 89, 1D, 6C, 75, 01, 10, 89, 35, 68, 75, 01, 10, 89, 3D, 64, 75, 01, 10, 66, 8C, 15, 90, 75, 01, 10, 66, 8C, 0D, 84, 75, 01, 10, 66, 8C, 1D, 60, 75, 01, 10, 66, 8C, 05, 5C, 75, 01, 10, 66, 8C, 25, 58, 75, 01, 10, 66, 8C, 2D, 54, 75, 01, 10, 9C, 8F, 05, 88, 75...
 
Entropy:
6.3310

Code size:
61 KB (62,464 bytes)
