toolbar.dll

Imvent LTD.

The module toolbar.dll by Imvent has been detected as a potentially unwanted program by 17 anti-malware scanners. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘SWEETIE’.
Publisher:
Macrogaming  (signed by Imvent LTD.)

Product:
Macrogaming

Description:
IE Toolbar

Version:
3, 0, 0, 21

MD5:
759983a88e4eea7a304438858ad019b6

SHA-1:
4681e1235cafb37d3cc0143fe176be758fdef2a2

Scanner detections:
17 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 12:17:18 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Adware-gen [Adw] | 2014.9-140421 |
| AVG | Generic3 | 2015.0.3498 |
| Comodo Security | UnclassifiedMalware | 9441 |
| Dr.Web | Adware.Softomate.98 | 9.0.1.0111 |
| Emsisoft Anti-Malware | Riskware.Adware.Win32.SweetIMBar!IK | 8.14.04.21.06 |
| G Data | Win32:Adware-gen | 14.4.22 |
| IKARUS anti.virus | not-a-virus.Adware.Win32.SweetIMBar | t3scan.1.1.104.0 |
| K7 AntiVirus | Adware | 13.108.4924 |
| Norman | SweetBar.G | 11.20140421 |
| Panda Antivirus | Application/SweetBar | 14.04.21.06 |
| Quick Heal | AdWare.Mostofate.dt (Not a Virus) | 4.14.11.00 |
| Reason Heuristics | PUP.Optional.BHO.H | 14.12.16.10 |
| Rising Antivirus | Trojan.Win32.Generic.11E85207 | 23.00.65.14419 |
| Sophos | SearchIt | 4.67 |
| Vba32 AntiVirus | AdWare.Win32.Mostofate.dt | 3.12.16.4 |
| VIPRE Antivirus | Adware.Trojan.Win32.Generic | 9904 |
| ViRobot | Adware.Mostofate.548992 | 2011.7.19.4577 |

File size:
536.1 KB (548,992 bytes)

Product version:
3, 0, 0, 21

Copyright:
Copyright 2005-2006. All rights reserved.

Original file name:
toolbar.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\macrogaming\sweetimbarforie\toolbar.dll

Digital Signature
Signed by:

Authority:
GeoTrust Inc

Valid from:
8/4/2006 9:33:55 AM

Valid to:
8/4/2007 9:33:55 AM

Subject:
CN=Imvent LTD., OU=GeoTrust Code Signing, OU=R&D, O=Imvent LTD., L=Raanana, S=Israel, C=IL

Issuer:
CN=GeoTrust TrustCenter CodeSigning CA I, O=GeoTrust Inc, OU=GeoTrust TrustCenter CodeSigning CA, C=US

Serial number:
00E78E00010020941DEDAB3E72E378

Registration
CLSIDs:
{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}, {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}

ProgIDs:
ToolBand.SWEETIE.1, SWEETIE.SWEETIE.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
11/5/2006 5:44:40 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:6D6GIc7/dnUhCisekd3iGaGPkN11XpKE0aW8MKGjWdMMM09:NGI4UwSpGsN1xp0FKaMMU

Entry address:
0x52DCB

Entry point:
55, 8B, EC, 53, 8B, 5D, 08, 56, 8B, 75, 0C, 57, 8B, 7D, 10, 85, F6, 75, 09, 83, 3D, 9C, FB, 07, 10, 00, EB, 26, 83, FE, 01, 74, 05, 83, FE, 02, 75, 22, A1, 34, FC, 07, 10, 85, C0, 74, 09, 57, 56, 53, FF, D0, 85, C0, 74, 0C, 57, 56, 53, E8, 15, FF, FF, FF, 85, C0, 75, 04, 33, C0, EB, 4E, 57, 56, 53, E8, B6, 69, FF, FF, 83, FE, 01, 89, 45, 0C, 75, 0C, 85, C0, 75, 37, 57, 50, 53, E8, F1, FE, FF, FF, 85, F6, 74, 05, 83, FE, 03, 75, 26, 57, 56, 53, E8, E0, FE, FF, FF, 85, C0, 75, 03, 21, 45, 0C, 83, 7D, 0C, 00...
 

Entropy:
6.2726

Developed / compiled with:
Microsoft Visual C++ 6.0

Code size:
368 KB (376,832 bytes)

Internet Explorer BHO
Display name:
SWEETIE

CLSID:
{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}

CLSID name:
SWEETIE Class

