home

tmp00000002f56dc7efe1143ba1

dtx Dynamic Link Library

IAC Search and Media

This installer is part of the Ask.com (APN) network which will install the Ask.com branded toolbar or browser extension which will take control of the web browser's search functions. The file tmp00000002f56dc7efe1143ba1, “dtx Dynamic Link Library” by IAC Search and Media has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the APN Stub installer.
Publisher:
IAC Search and Media  (signed and verified)

Product:
dtx Dynamic Link Library

Description:
dtx Dynamic Link Library

Version:
1, 0, 0, 24

MD5:
5937a817858be22dee1d57e8493f4289

SHA-1:
81a185e568252afc9f34e0a0879841205afb104f

SHA-256:
a8b6f25a3e74ba4a68029c63c54a9796c1fc437a4ec10194605207335994036d

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
The setup program may install a variant of the Visicom Toolbar, a web browser extension that may modify the browser's home and search pages.

Analysis date:
4/16/2024 2:31:08 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.Toolbar.246
9.0.1.05190

ESET NOD32
Win32/Toolbar.Visicom.B potentially unwanted application
8.0.319.0

Reason Heuristics
PUP.Ask.IACSearc.Installer (M)
16.5.11.9

File size:
512 KB (524,288 bytes)

Product version:
1, 0, 0, 24

Copyright:
Copyright 2013 IAC Search and Media

Original file name:
dtx.dll

Installer:
APN Stub

Language:
English (United States)

Common path:
C:\windows\temp\tmp00000002f56dc7efe1143ba1

Digital Signature
Signed by:
IAC Search and Media

Authority:
VeriSign, Inc.

Valid from:
9/11/2012 12:00:00 AM

Valid to:
10/20/2015 11:59:59 PM

Subject:
CN=IAC Search and Media, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=IAC Search and Media, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3444D7AA32B4D542D3C80027404D5CD6

File PE Metadata
Compilation timestamp:
11/15/2013 7:19:12 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:zzh9P42OLVITe041dhkYp271kGdF/P1JIe4D8c7+Az5jTrbUtZrx2:zzU2OqTebzA7SQF/nIJTS4jTrwtZ

Entry address:
0x77EB

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 04, 62, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, C3, B8, 4D, E5, 00, 10, A3, 98, 8A, 01, 10, C7, 05, 9C, 8A, 01, 10, 34, DC, 00, 10, C7, 05, A0, 8A, 01, 10, E8, DB, 00, 10, C7, 05, A4, 8A, 01, 10, 21, DC, 00, 10, C7, 05, A8, 8A, 01, 10, 8A, DB, 00, 10, A3, AC, 8A, 01, 10, C7, 05, B0, 8A, 01, 10, C5, E4, 00, 10, C7, 05, B4, 8A, 01, 10, A6, DB, 00, 10, C7, 05, B8, 8A, 01, 10, 08, DB, 00, 10, C7, 05, BC, 8A, 01, 10, 95...
 
[+]

Code size:
76 KB (77,824 bytes)

Remove tmp00000002f56dc7efe1143ba1 - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.