» toggle.exe
Overview
Analysis
File Details

toggle.exe

Montera Technologeis LTD

This is part of the Montera web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application toggle.exe by Montera Technologeis has been detected as adware by 5 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory.

File name:

toggle.exe

Publisher:

Toggle (signed by Montera Technologeis LTD)

Product:

toggle

Version:

1.8.8.12

MD5:

13a3177803a4020aa3e077dc3b9c89cc

SHA-1:

39f707c511cf92fa720ba33247973bb5ccca50d7

SHA-256:

42c2ebada580568b433144bd5b44e90e607bc885b0ffe23d729fdc06ac6fadca

Scanner detections:

5 / 68

Status:

Adware

Analysis date:

12/21/2025 10:27:07 PM UTC (today)

Scan engine

Detection

Engine version

Comodo Security

Heur.Suspicious

17533

Dr.Web

Adware.Downware.837

9.0.1.015

ESET NOD32

Win32/Toolbar.Montiera

8.9239

Reason Heuristics

PUP.Montera.G

14.8.7.19

Trend Micro House Call

TROJ_GEN.F47V0102

7.2.365

File size:

2.1 MB (2,176,200 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\toggle.exe

Digital Signature

Signed by:

Montera Technologeis LTD

Authority:

COMODO CA Limited

Valid from:

5/28/2012 2:00:00 AM

Valid to:

5/29/2013 1:59:59 AM

Subject:

CN=Montera Technologeis LTD, O=Montera Technologeis LTD, STREET="18, Amammi st", L=Even Yehuda, S=Hasharon, PostalCode=40500, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

361B49E5431DD304CA32589D28E4DD3C

File PE Metadata

Compilation timestamp:

12/6/2009 12:50:52 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

49152:v1jJDyMn/ov+LBffbtoqEw7pUS8AbxxrefEO0JLtn:Cy/W+5fbtoq/7R8ETafmR

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.9953

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

Remove toggle.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.