TbCommonUtils.dll

Internet Explorer Toolbar

ShopAtHome.com (Belcaro Group, Inc.)

The module TbCommonUtils.dll, “Internet Explorer Toolbar Common Utils” by ShopAtHome.com (Belcaro Group, Inc.), has been detected as adware by 8 anti-malware scanners.
Publisher:
ShopAtHome.com (Belcaro Group, Inc.)  (signed and verified)

Product:
Internet Explorer Toolbar

Description:
Internet Explorer Toolbar Common Utils

Version:
4.3.0.19

MD5:
0f23d9e1d4a4374f25ae9fc798646dae

SHA-1:
e99dbe2f6e009e15bd81ecfd424dd1f93687d961

SHA-256:
504cbb2b6f8c9c7fde81762cf8667cf82990c27b2a119edc55ccf15f740e39fd

Scanner detections:
8 / 68

Status:
Adware

Explanation:
Part of the Conduit Toolbar platform.

Analysis date:
4/26/2024 4:41:50 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | Generic | 2017.0.2863 |
| Dr.Web | Adware.Shopper.957 | 9.0.1.015 |
| Malwarebytes | PUP.Optional.ShopAtHome | v2016.01.15.08 |
| McAfee | Artemis!8AFE1BED3A60 | 5600.6519 |
| Reason Heuristics | PUP.Conduit.Toolbar.ShopAtHome.Toolbar (M) | 16.1.15.20 |
| Sophos | SAHAgent (PUA) | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0708 | 7.2.15 |
| VIPRE Antivirus | ShopAtHome | 38194 |

File size:
105.6 KB (108,176 bytes)

Product version:
4.3.0.19

Copyright:
Copyright © 2001-2012. All rights reserved.

Original file name:
TbCommonUtils.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\shopathome\shopathometoolbar\tbcommonutils.dll

Digital Signature
Authority:
Symantec Corporation

Valid from:
6/25/2013 5:00:00 PM

Valid to:
6/26/2014 4:59:59 PM

Subject:
CN="ShopAtHome.com (Belcaro Group, Inc.)", O="ShopAtHome.com (Belcaro Group, Inc.)", L=Greenwood Village, S=Colorado, C=US, SERIALNUMBER=19871692567, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Colorado, OID.1.3.6.1.4.1.311.60.2.1.3=US

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
237B0D903D7BC26FE5D98F5F4AAF5E42

File PE Metadata
Compilation timestamp:
12/16/2013 12:08:10 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:k8/cUDafEIkTxtawwOU/E2LikxvPtP7se5WkP0IttwUugYV8q:cfEImiE219PtP7se5eIrwUugE8q

Entry address:
0x90B9

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 1E, 36, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 78, 75, 01, 10, 89, 0D, 74, 75, 01, 10, 89, 15, 70, 75, 01, 10, 89, 1D, 6C, 75, 01, 10, 89, 35, 68, 75, 01, 10, 89, 3D, 64, 75, 01, 10, 66, 8C, 15, 90, 75, 01, 10, 66, 8C, 0D, 84, 75, 01, 10, 66, 8C, 1D, 60, 75, 01, 10, 66, 8C, 05, 5C, 75, 01, 10, 66, 8C, 25, 58, 75, 01, 10, 66, 8C, 2D, 54, 75, 01, 10, 9C, 8F, 05, 88, 75...
 

Entropy:
6.3312

Code size:
61 KB (62,464 bytes)
