» toolbar.dll
Overview
Analysis
File Details

toolbar.dll

Zango

The module toolbar.dll by Zango has been detected as adware by 21 anti-malware scanners.

File name:

toolbar.dll

Publisher:

Zango, Inc. (signed by Zango)

Product:

Zango

Version:

10.3.79.0

MD5:

d13086464410f3a4fd4a127879bc8b39

SHA-1:

97ea8ab5c2d22f8d7cece20019c701dcec774a7b

SHA-256:

568c45a207c84a6124aff1e8cf506cc3edb37ae22d4615d3ddec12203fcf57c9

Scanner detections:

21 / 68

Status:

Adware

Analysis date:

4/27/2024 12:57:45 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADSPY/AdSpy.Gen

7.9.1.8

Emsisoft A-Squared

AdWare.Zango!IK

4.5.0.24

Bitdefender

Gen:Adware.Heur.bv9@QS83SBcO

1.0.20.1650

Clam AntiVirus

Adware.Hotbar-2

0.98/171

Comodo Security

Application.Win32.Adware.HotBar

2203

ESET NOD32

Win32/Adware.HotBar

9.4400

Fortinet FortiGate

Adware/Hotbar

11/26/2015

F-Prot

W32/HotBar.A.gen

v6.4.5.1.85

F-Secure

Adware:W32/Zango.L

11.2015-26-11_5

G Data

Gen:Adware.Heur.bv9@QS83SBcO

15.11.19

IKARUS anti.virus

AdWare.Zango

t3scan.1.1.72.0

K7 AntiVirus

Trojan.Win32.Malware.4

13.7.10.837

McAfee

potentially unwanted program Adware-ZangoSA

5600.6570

Microsoft Security Essentials

Adware:Win32/Hotbar

1.163.1557.0

Norman

W32/180Solutions.AHU

11.20151126

Panda Antivirus

Suspicious file

15.11.26.11

Prevx

Low Risk Adware

3.0

Quick Heal

Adware.Hotbar.a (Not a Virus)

11.15.10.00

Reason Heuristics

PUP.Zango (M)

15.11.26.11

Sophos

180solutions

4.45

Vba32 AntiVirus

Win32.Adware.HotBar

3.12.10.10

File size:

1 MB (1,066,248 bytes)

Product version:

10.3.79.0

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\Program Files\zango\bin\10.3.79.0\toolbar.dll

Digital Signature

Signed by:

Zango

Authority:

VeriSign, Inc.

Valid from:

2/13/2008 4:00:00 PM

Valid to:

5/12/2010 4:59:59 PM

Subject:

CN=Zango, OU=Zango, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Zango, L=Bellevue, S=Washington, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

1CA00CAEA054614D44D3119B6DB48AD8

Registration

CLSIDs:

{62906E60-BCE2-4E1B-9ED0-8B9042EE15E4}, {F9BFA98D-9935-4EA4-A05A-72C7F0778F02}

ProgIDs:

Toolbar.ToolbarCtl.1, Toolbar.HtmlMenuUI.1

COM registered:

Yes

File PE Metadata

Compilation timestamp:

3/16/2009 3:14:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

24576:MpCIuDRx+yXVGWH01BnWE2NKF6MiRJEId0ZH+pDHy16+Ch:MzARx+PWH01BT0KoMOdd0iDHy16+Ch

Entry address:

0x7FEBF

Entry point:

83, 7C, 24, 08, 01, 75, 05, E8, D0, CE, 00, 00, FF, 74, 24, 04, 8B, 4C, 24, 10, 8B, 54, 24, 0C, E8, ED, FE, FF, FF, 59, C2, 0C, 00, 3B, 0D, 60, 33, 0E, 10, 75, 02, F3, C3, E9, 40, CF, 00, 00, CC, 83, EC, 14, 53, 8B, 5C, 24, 20, 55, 56, 8B, 73, 08, 33, 35, 60, 33, 0E, 10, 57, 8B, 06, 83, F8, FE, C6, 44, 24, 13, 00, C7, 44, 24, 18, 01, 00, 00, 00, 8D, 7B, 10, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, B8, FF, FF, FF, 8B, 4E, 0C, 8B, 46, 08, 03, CF, 33, 0C, 38, E8, A8, FF, FF, FF, 8B, 44, 24, 28, F6, 40, 04... 
[+]

Entropy:

6.5467

Code size:

684 KB (700,416 bytes)

Remove toolbar.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.