» tbhelper2.exe
Overview
Analysis
File Details
Programs (1)

tbhelper2.exe

Internet Explorer Toolbar

Aimia Coalition Loyalty UK LTD

The application tbhelper2.exe, “Toolbar Helper Module” by Aimia Coalition Loyalty UK has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Nectar Toolbar by AIMIA Coalition Loyalty UK Ltd which is a potentially unwanted software program.

File name:

tbhelper2.exe

Publisher:

Aimia Coalition Loyalty UK LTD (signed and verified)

Product:

Internet Explorer Toolbar

Description:

Toolbar Helper Module

Version:

4.3.0.43

MD5:

4090a0dfbbca1ff7e8393e423f503480

SHA-1:

d57f148ca73577ca58346e07901887ab14319ad8

SHA-256:

91c2752d1cce06e24ae645771be2414da00df9276c6cddd77801e5a55bd26a0e

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/19/2024 10:17:27 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.AimiaCoalitionLoyaltyUK.Toolbar (M)

15.7.6.16

File size:

199.3 KB (204,104 bytes)

Product version:

4.3.0.43

Original file name:

TbHelper.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\nectar toolbar\tbhelper2.exe

Digital Signature

Signed by:

Aimia Coalition Loyalty UK LTD

Authority:

VeriSign, Inc.

Valid from:

7/3/2013 1:00:00 AM

Valid to:

7/4/2015 12:59:59 AM

Subject:

CN=Aimia Coalition Loyalty UK LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Aimia Coalition Loyalty UK LTD, L=London, S=United Kingdom, C=GB

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

3FA8ED3BA9AA2D91F087CB0A3B328A4E

File PE Metadata

Compilation timestamp:

4/5/2013 8:50:12 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

3072:8KW51AJhVrsk8FIsPA2LL4iWRrJ+5TbD+Jcmi:8KWUxzxv2LL4imrWTXt

Entry address:

0x129A2

Entry point:

E8, 6A, 6D, 00, 00, E9, 79, FE, FF, FF, 68, 60, 0F, 41, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 2C, A4, 42, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 8B, FF, 55, 8B, EC, 8B, 45, 08, A3, 38, B9, 42, 00, 5D, C3, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, 2C, A4... 
[+]

Entropy:

6.4347

Code size:

126.5 KB (129,536 bytes)

The file tbhelper2.exe has been discovered within the following program.

Nectar Toolbar by AIMIA Coalition Loyalty UK Ltd

Nectar Toolbar is a potentially unwanted web browser extension designed to take control of the user's browser in order to redirect web searches and inject advertising. In Internet Explorer the program run as a Browser Helper Object.

76% remove it

Remove tbhelper2.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.