home

toolbar24373908.exe

The application toolbar24373908.exe has been detected as a potentially unwanted program by 23 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from dl.cdn-services.com.
MD5:
a552f21a8b9c721115c8676ebcdae41c

SHA-1:
92c58b90a52b647dbacf29126d9fd2ac49cd9db6

SHA-256:
8bb49cbbc73fbe54ef23419fa90fc4a86b6742c9f70609ede2d2341032121415

Scanner detections:
23 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 3:20:10 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.11794281
786

Agnitum Outpost
Riskware.Agent
7.1.1

avast!
Malware-gen
141130-1

Bitdefender
Trojan.Generic.11794281
1.0.20.1725

Comodo Security
TrojWare.Win32.Agent.dfgtr
18105

Dr.Web
infected with Trojan.StartPage.57898
9.0.1.05190

Emsisoft Anti-Malware
Application.Win32.InstallBrowse
9.0.0.4668

ESET NOD32
Win32/Reporter.A potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/Hao123
4/21/2014

F-Secure
Trojan.Generic.11794281
11.2014-11-12_5

G Data
Trojan.Generic.11794281
14.12.24

K7 AntiVirus
Trojan
13.176.11755

Kaspersky
not-a-virus:AdWare.Win32.Hao123
15.0.0.543

Malwarebytes
PUP.Optional.Hao123.A
v2014.04.21.08

McAfee
Program.Artemis!A552F21A8B9C
16.8.708.2

MicroWorld eScan
Trojan.Generic.11794281
15.0.0.1035

NANO AntiVirus
Trojan.Win32.StartPage.brmuar
0.28.0.59048

Norman
Suspicious_Gen4.FQOJK
11.20140421

nProtect
Trojan.Generic.11794281
14.10.31.01

Qihoo 360 Security
HEUR/Malware.QVM20.Gen
1.0.0.1015

Trend Micro House Call
TROJ_GEN.R0CBH07DD14
7.2.111

Vba32 AntiVirus
AdWare.Hao123
3.12.26.3

VIPRE Antivirus
Threat.4150696
35418

File size:
308.8 KB (316,169 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\toolbar24373908.exe

File PE Metadata
Compilation timestamp:
7/14/2013 10:09:51 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:uauq7wItit9Hppne3aeIe2ea7wVLjiIdqI2F7ZLnV1gL7HY0Qo5R:VnijJdeVIWGs7EFH1o5R

Entry address:
0x310B

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 90, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 08, A3, 58, EC, 42, 00, E8, 73, 2D, 00, 00, A3, A4, EB, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, E0, 8F, 42, 00, FF, 15, 64, 71, 40, 00, 68, 80, 91, 40, 00, 68, A0, E3, 42, 00, E8, 1D, 2A, 00, 00, FF, 15, 1C, 71, 40, 00, BD, 00, 40, 43, 00, 50, 55, E8, 0B, 2A...
 
[+]

Entropy:
7.9480

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file toolbar24373908.exe has been seen being distributed by the following URL.

http://dl.cdn-services.com/site/files/prtnrp/Runner/.../EG_hao123.exe

Remove toolbar24373908.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.