home

tbcore3.dll

IE Toolbar

Zorba Networks SL

The module tbcore3.dll, “IE Toolbar Engine” by Zorba Networks SL has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘TBSB01666’.
Publisher:
Zorba Networks SL  (signed and verified)

Product:
IE Toolbar

Description:
IE Toolbar Engine

Version:
4, 2, 0, 47

MD5:
8736ab59e419ae9c7805b1f33ac3deb5

SHA-1:
89768d17a7272bf4b9f8d5d02dd7f34b1ab3c777

SHA-256:
8e3a32c3d541fbd4fe99b3c524b888033bd4f463840a41956a77144efb1f0115

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Conduit Toolbar platform.

Analysis date:
4/25/2024 10:25:14 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Conduit.Toolbar.Toolbar (M)
16.1.13.15

File size:
2.4 MB (2,547,416 bytes)

Product version:
4, 2, 0, 47

Copyright:
Copyright © 2001-2010. All rights reserved.

Original file name:
tbcore3U.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\webresultado toolbar\tbcore3.dll

Digital Signature
Signed by:
Zorba Networks SL

Authority:
The USERTRUST Network

Valid from:
12/1/2010 1:00:00 AM

Valid to:
12/2/2011 12:59:59 AM

Subject:
CN=Zorba Networks SL, O=Zorba Networks SL, STREET=Jativa 11, L=Madrid, S=Madrid, PostalCode=28007, C=ES

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
00F76718D8D4283725CF8801D7DED56F05

Registration
CLSIDs:
{19192EF4-513E-4244-875E-B8D2DE89056F}, {57CADC46-58FF-4105-B733-5A9F3FC9783C}, {8FFA7469-654F-423E-84FE-6A583CB1C284}, {9F34B17E-FF0D-4FAB-97C4-9713FEE79052}, {D565B35E-B787-40FA-95E3-E3562F8FC1A0}

ProgIDs:
Toolbar3.TBSB01666.1, ComObject.DeskbarEnabler.1, TBSB01666.TBSB01666.3, Toolbar3.ContextMenuNotifier.1, Toolbar3.CustomInternetSecurityImpl.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
11/15/2010 11:38:04 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:rRI32X1zsAcZV6uK/84y84RA3fjSgjCkWMrcnzou+LGpLaWnV:GF5jK4nGfuNkWMrY9+LiOWn

Entry address:
0x15D120

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 11, FB, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, F0, 66, 21, 10, 89, 0D, EC, 66, 21, 10, 89, 15, E8, 66, 21, 10, 89, 1D, E4, 66, 21, 10, 89, 35, E0, 66, 21, 10, 89, 3D, DC, 66, 21, 10, 66, 8C, 15, 08, 67, 21, 10, 66, 8C, 0D, FC, 66, 21, 10, 66, 8C, 1D, D8, 66, 21, 10, 66, 8C, 05, D4, 66, 21, 10, 66, 8C, 25, D0, 66, 21, 10, 66, 8C, 2D, CC, 66, 21, 10, 9C, 8F, 05, 00, 67...
 
[+]

Code size:
1.6 MB (1,687,552 bytes)

Internet Explorer BHO
Display name:
TBSB01666

CLSID:
{19192EF4-513E-4244-875E-B8D2DE89056F}

CLSID name:
TBSB01666 Class


Remove tbcore3.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.