» tbhelper2.exe
Overview
Analysis
File Details
Programs (1)

tbhelper2.exe

Internet Explorer Toolbar

Aimia Coalition Loyalty UK LTD

The application tbhelper2.exe, “Toolbar Helper Module” by Aimia Coalition Loyalty UK has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Nectar Toolbar by AIMIA Coalition Loyalty UK Ltd which is a potentially unwanted software program.

File name:

tbhelper2.exe

Publisher:

Aimia Coalition Loyalty UK LTD (signed and verified)

Product:

Internet Explorer Toolbar

Description:

Toolbar Helper Module

Version:

4.3.0.43

MD5:

005e265a74f901d4bf1a7dfec62a7b7d

SHA-1:

de85e4fe7bb27c2ed3e845ad251b5b8de42c8156

SHA-256:

567254a1ce41e7eef858429c4b000c560572a40551524eda31e93044e4eb91ea

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/23/2024 10:25:53 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Toolbar.AimiaCoalitionLoyaltyUK.J

14.12.16.10

File size:

199.3 KB (204,072 bytes)

Product version:

4.3.0.43

Original file name:

TbHelper.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\nectar toolbar\tbhelper2.exe

Digital Signature

Signed by:

Aimia Coalition Loyalty UK LTD

Authority:

VeriSign, Inc.

Valid from:

7/3/2013 1:00:00 AM

Valid to:

7/4/2015 12:59:59 AM

Subject:

CN=Aimia Coalition Loyalty UK LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Aimia Coalition Loyalty UK LTD, L=London, S=United Kingdom, C=GB

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

3FA8ED3BA9AA2D91F087CB0A3B328A4E

File PE Metadata

Compilation timestamp:

4/5/2013 8:50:12 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

3072:EKW51AJhVrsk8FIsPA2LL4iWRrJ+5TbD+Jc7a:EKWUxzxv2LL4imrWTX2

Entry address:

0x129A2

Entry point:

E8, 6A, 6D, 00, 00, E9, 79, FE, FF, FF, 68, 60, 0F, 41, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 2C, A4, 42, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 8B, FF, 55, 8B, EC, 8B, 45, 08, A3, 38, B9, 42, 00, 5D, C3, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, 2C, A4... 
[+]

Entropy:

6.4345

Code size:

126.5 KB (129,536 bytes)

The file tbhelper2.exe has been discovered within the following programs.

Nectar Toolbar by AIMIA Coalition Loyalty UK Ltd

Nectar Toolbar is a potentially unwanted web browser extension designed to take control of the user's browser in order to redirect web searches and inject advertising. In Internet Explorer the program run as a Browser Helper Object.

76% remove it

Remove tbhelper2.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.