tbhelper2.exe

Toolbar Helper

ShopAtHome.com

The application tbhelper2.exe, “Toolbar Helper Module” by ShopAtHome.com, has been detected as a potentially unwanted program by 2 anti-malware scanners. This file is typically installed with the program ShopAtHome.com Toolbar by Belcaro Group Inc., which is a potentially unwanted software program.
Publisher:
ShopAtHome.com  (signed and verified)

Product:
Toolbar Helper

Description:
Toolbar Helper Module

Version:
6, 0, 4, 1

MD5:
f92ed04695c997c4e43b799e0c4829e5

SHA-1:
c99c7831e06550157b63f22b460c067a74a4939a

SHA-256:
8d163638800a007b5e747733f1ca7a45adba1ad75fcc3c1bea38cf567b29db19

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
5/7/2024 6:13:26 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Reason Heuristics | PUP.Toolbar.ShopAtHome.J | 14.3.29.9 |
| Vba32 AntiVirus | Signed-Adware.Sahat | 3.12.20.0 |

File size:
199.4 KB (204,184 bytes)

Product version:
6, 0, 4, 1

Copyright:
Copyright © 2001-2010. All rights reserved.

Original file name:
TbHelper.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\locallow\shopathometoolbar\{311b58dc-a4dc-4b04-b1b5-60299ad3d803}\tbhelper2.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
5/25/2010 8:00:00 PM

Valid to:
6/21/2013 7:59:59 PM

Subject:
CN=ShopAtHome.com, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=ShopAtHome.com, L=Greenwood Village, S=Colorado, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
063168411F371B898EE763E4858518C4

File PE Metadata
Compilation timestamp:
12/15/2011 6:25:36 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:V3c5KbH3jBuE2Ln73g3LdZzBVmzl5MkDkmishvU:V3S1rU3LdZNc0MkoU

Entry address:
0x12C52

Entry point:
E8, 69, 6D, 00, 00, E9, 79, FE, FF, FF, 68, 10, 12, 41, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 2C, A4, 42, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 8B, FF, 55, 8B, EC, 8B, 45, 08, A3, 38, B9, 42, 00, 5D, C3, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, 2C, A4...
 

Entropy:
6.4221

Code size:
127.5 KB (130,560 bytes)

The file tbhelper2.exe has been discovered within the following program.

ShopAtHome.com Toolbar  by Belcaro Group Inc.
The ShopAtHome.com Toolbar will have the ability to inject such content into search results in your browser. Such content will be identified as ShopAtHome.com content, and you will have the ability to disable this feature of the Toolbar.
www.shopathome.com
64% remove it
 