tdataprotocol.dll

Metabar plug-in for Internet Explorer

OOO Metabar

The module tdataprotocol.dll, “Metabar data protacol for IE w/c” by OOO Metabar has been detected as adware by 4 anti-malware scanners.
Publisher:
Metabar  (signed by OOO Metabar)

Product:
Metabar plug-in for Internet Explorer

Description:
Metabar data protacol for IE w/c

Version:
1.0.0.9

MD5:
5148e395f6d4183965bb739c8bb75673

SHA-1:
d71c1f0508ceeb669b6205fe76a2168715fa9ef9

SHA-256:
1ad6fb30bbb8243a4a0ca8a87e7ba4d875e9d68e9ba74faefdb9c8a8b1b3d543

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
4/26/2024 7:42:32 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Baidu Antivirus | PUA.Win32.witToolbar | 4.0.3.16212 |
| ESET NOD32 | Win32/Toolbar.witToolbar (variant) | 10.10737 |
| IKARUS anti.virus | PUA.Toolbar.witToolbar | t3scan.1.8.3.0 |
| Reason Heuristics | PUP.OOOMetabar (M) | 16.2.12.6 |

File size:
152.3 KB (155,968 bytes)

Product version:
1.0.0.9

Copyright:
Metabar. All rights reserved.

Original file name:
tdataprotocol.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\common files\metabar\tdataprotocol.dll

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
4/7/2013 7:00:00 AM

Valid to:
6/7/2014 6:59:59 AM

Subject:
CN=OOO Metabar, OU=IT Department, O=OOO Metabar, L=Moscow, S=Moscow, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
4FE3D2281102359C9EAEC3EB2E41300C

Registration
CLSID:
{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}

ProgID:
tdataprotocol.CTData.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
4/5/2013 9:33:22 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:fKg+pSTjLIFP0dJZPXKyQHaYnOv6UvrE+DNo3n:fKge4XIydvPXVQHyv6U4+e

Entry address:
0xCA65

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, A9, 63, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 66, 0F, EF, C0, 51, 53, 8B, C1, 83, E0, 0F, 85, C0, 75, 7F, 8B, C2, 83, E2, 7F, C1, E8, 07, 74, 37, 8D, A4, 24, 00, 00, 00, 00, 66, 0F, 7F, 01, 66, 0F, 7F, 41, 10, 66, 0F, 7F, 41, 20, 66, 0F, 7F, 41, 30, 66, 0F, 7F, 41, 40, 66, 0F, 7F, 41, 50, 66, 0F, 7F, 41, 60, 66, 0F, 7F, 41, 70, 8D, 89, 80, 00, 00, 00, 48, 75, D0, 85, D2, 74, 37, 8B, C2, C1, E8, 04, 74, 0F, EB, 03...
 

Code size:
101.5 KB (103,936 bytes)

PROTOCOLS Handler
Type of handler:
base64

CLSID:
{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}

CLSID name:
CTData Class

