tbcore3.dll

IE Toolbar

Zorba Networks SL

The module tbcore3.dll, “IE Toolbar Engine” by Zorba Networks SL, has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘TBSB01555’. This file is typically installed with the program RechercherWeb Toolbar by Conduit Ltd., which is a potentially unwanted software program.
Publisher:
Zorba Networks SL  (signed and verified)

Product:
IE Toolbar

Description:
IE Toolbar Engine

Version:
4, 2, 0, 47

MD5:
f64101483ce4895b250f8d6f53326184

SHA-1:
8e62d8ca52bb87ac354bba163f6be130869095de

SHA-256:
b1b3bc1dc2e39dc89884ff3170967038f48e18f3394c5f8c1d55226f2c97d05f

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Conduit Toolbar platform.

Analysis date:
4/23/2024 3:26:06 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Conduit.Toolbar.Toolbar (M)

Engine version:
16.2.4.4

File size:
2.4 MB (2,547,416 bytes)

Product version:
4, 2, 0, 47

Copyright:
Copyright © 2001-2010. All rights reserved.

Original file name:
tbcore3U.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\rechercherweb toolbar\tbcore3.dll

Digital Signature
Authority:
The USERTRUST Network

Valid from:
12/1/2010 1:00:00 AM

Valid to:
12/2/2011 12:59:59 AM

Subject:
CN=Zorba Networks SL, O=Zorba Networks SL, STREET=Jativa 11, L=Madrid, S=Madrid, PostalCode=28007, C=ES

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
00F76718D8D4283725CF8801D7DED56F05

Registration
CLSIDs:
{57CADC46-58FF-4105-B733-5A9F3FC9783C}, {8FFA7469-654F-423E-84FE-6A583CB1C284}, {9F34B17E-FF0D-4FAB-97C4-9713FEE79052}, {D565B35E-B787-40FA-95E3-E3562F8FC1A0}, {E2C28B5F-9EC2-482B-82D3-82152CD3AC8D}

ProgIDs:
ComObject.DeskbarEnabler.1, TBSB01555.TBSB01555.3, Toolbar3.ContextMenuNotifier.1, Toolbar3.CustomInternetSecurityImpl.1, Toolbar3.TBSB01555.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
11/15/2010 11:38:04 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:pRI32X1zsAcZV6uK/84y84RA3fjSgjCkWMrcnzoueSypXaWng:oF5jK4nGfuNkWMrY9eSGKWn

Entry address:
0x15D120

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 11, FB, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, F0, 66, 21, 10, 89, 0D, EC, 66, 21, 10, 89, 15, E8, 66, 21, 10, 89, 1D, E4, 66, 21, 10, 89, 35, E0, 66, 21, 10, 89, 3D, DC, 66, 21, 10, 66, 8C, 15, 08, 67, 21, 10, 66, 8C, 0D, FC, 66, 21, 10, 66, 8C, 1D, D8, 66, 21, 10, 66, 8C, 05, D4, 66, 21, 10, 66, 8C, 25, D0, 66, 21, 10, 66, 8C, 2D, CC, 66, 21, 10, 9C, 8F, 05, 00, 67...
 

Code size:
1.6 MB (1,687,552 bytes)

Internet Explorer BHO
Display name:
TBSB01555

CLSID:
{E2C28B5F-9EC2-482B-82D3-82152CD3AC8D}

CLSID name:
TBSB01555 Class


The file tbcore3.dll has been discovered within the following program.

RechercherWeb Toolbar  by Conduit Ltd.
This is a Conduit toolbar installed in the user's web browsers (IE, Chrome and Firefox) that collects and stores information about the user's web browsing habits and sends this information to Conduit so they can suggest services or provide ads via the toolbar.
64% remove it
 