» toolbar32.dll
Overview
Analysis
File Details

toolbar32.dll

Toolbar

Zugo Ltd

The module toolbar32.dll by Zugo has been detected as adware by 11 anti-malware scanners.

File name:

toolbar32.dll

Publisher:

Zugo Ltd (signed and verified)

Product:

Toolbar

Version:

2.3.0.0

MD5:

24690fb037fdb2ccb06e7476170c8a9c

SHA-1:

ad4906ad553ae4814481b5e9ecfe61de4053b4f5

SHA-256:

cb6c4149bbefe0ca9af1cd8dc6a2e14b6127fa0a52c650de770e3e73096aab69

Scanner detections:

11 / 68

Status:

Adware

Analysis date:

4/26/2024 10:10:18 AM UTC (today)

Scan engine

Detection

Engine version

Comodo Security

UnclassifiedMalware

17326

Dr.Web

Adware.Zugo.71

9.0.1.016

Emsisoft Anti-Malware

Riskware.Win32.Toolbar.Zugo.AMN

8.16.01.16.08

ESET NOD32

Win32/Toolbar.Zugo (variant)

10.6753

Fortinet FortiGate

Adware/Zugo

1/16/2016

K7 AntiVirus

Riskware

13.170.9109

McAfee

Artemis!5A4DE4EEA19B

5600.6519

Reason Heuristics

PUP.Zugo.Toolbar (M)

16.1.16.8

SUPERAntiSpyware

PUP.StartNow Toolbar

9382

Trend Micro House Call

TROJ_GEN.RCBH1LU

7.2.16

VIPRE Antivirus

Zugo Ltd

11322

File size:

494.2 KB (506,080 bytes)

Product version:

2.3.0.0

2011(c)

Original file name:

Toolbar

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\Program Files\feather calculator toolbar\toolbar32.dll

Digital Signature

Signed by:

Zugo Ltd

Authority:

The USERTRUST Network

Valid from:

1/27/2011 6:00:00 PM

Valid to:

1/27/2013 5:59:59 PM

Subject:

CN=Zugo Ltd, O=Zugo Ltd, STREET=PO Box 36, STREET=1st Floor, STREET=37 Broad St., L=St Helier, S=Jersey, PostalCode=JE4 9NU, C=JE

Issuer:

CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:

46241CDE5C7B500B51C5F1328228F2A9

File PE Metadata

Compilation timestamp:

7/27/2011 10:15:42 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12288:X50MHTTHrjaBiVtXO21n9NJiD07DEIKsZj2D0YHj:X50MHvfaBUFnwD07oIVZjJYD

Entry address:

0x4797A

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, F3, 7E, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 83, EC, 0C, A1, F4, 1B, 07, 10, 33, C5, 89, 45, FC, 56, 33, F6, 57, 3B, DE, 75, 1E, E8, 79, 31, 00, 00, 6A, 16, 5F, 56, 56, 56, 56, 56, 89, 38, E8, 02, 31, 00, 00, 83, C4, 14, 8B, C7, E9, 47, 01, 00, 00, FF, 75, 08, 53, E8, 7B, EE, FF, FF, 59, 59, 3B, 45, 08, 72, 07, 33, C0, 66, 89, 03, EB, CB, 8B, 55, 0C, 8B, 02, 8B, 48, 14, 3B, CE, 75, 2A, 8B, C3... 
[+]

Entropy:

6.3956

Code size:

366 KB (374,784 bytes)

Remove toolbar32.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.